安全研究

安全漏洞
SpamAssassin 畸形电子邮件标头远程拒绝服务漏洞

发布日期:2005-06-17
更新日期:2007-06-17

受影响系统:
SpamAssassin SpamAssassin 3.0.3
SpamAssassin SpamAssassin 3.0.2
SpamAssassin SpamAssassin 3.0.1
描述:
BUGTRAQ  ID: 13978
CVE(CAN) ID: CVE-2005-1266

SpamAssassin是一款用于过滤垃圾邮件的解决方案。

Apache SpamAssassin 3.0.1, 3.0.2, 3.0.3在处理较大的“Content-Type”报文头时存在安全漏洞,远程攻击者利用此漏洞可造成拒绝服务(CPU耗尽)。

<*来源:vendor
  *>

建议:
厂商补丁:

SpamAssassin
------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://spamassassin.org/




SpamAssassin SpamAssassin 2.40
SpamAssassin Mail-SpamAssassin-2.64.tar.gz
http://old.spamassassin.org/released/Mail-SpamAssassin-2.64.tar.gz


SpamAssassin SpamAssassin 2.41 0
SpamAssassin Mail-SpamAssassin-2.64.tar.gz
http://old.spamassassin.org/released/Mail-SpamAssassin-2.64.tar.gz


SpamAssassin SpamAssassin 2.42 0
SpamAssassin Mail-SpamAssassin-2.64.tar.gz
http://old.spamassassin.org/released/Mail-SpamAssassin-2.64.tar.gz


SpamAssassin SpamAssassin 2.43 0
SpamAssassin Mail-SpamAssassin-2.64.tar.gz
http://old.spamassassin.org/released/Mail-SpamAssassin-2.64.tar.gz


SpamAssassin SpamAssassin 2.44
Mandrake perl-Mail-SpamAssassin-2.44-1.1.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake perl-Mail-SpamAssassin-2.44-1.1.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

Mandrake perl-Mail-SpamAssassin-2.53-1.1.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake spamassassin-2.44-1.1.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake spamassassin-2.44-1.1.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

Mandrake spamassassin-2.53-1.1.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake spamassassin-tools-2.44-1.1.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake spamassassin-tools-2.44-1.1.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

Mandrake spamassassin-tools-2.53-1.1.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php

SpamAssassin Mail-SpamAssassin-2.64.tar.gz
http://old.spamassassin.org/released/Mail-SpamAssassin-2.64.tar.gz


SpamAssassin SpamAssassin 2.50 0
SpamAssassin Mail-SpamAssassin-2.64.tar.gz
http://old.spamassassin.org/released/Mail-SpamAssassin-2.64.tar.gz


SpamAssassin SpamAssassin 2.55
Mandrake perl-Mail-SpamAssassin-2.55-2.1.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake perl-Mail-SpamAssassin-2.55-2.1.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake spamassassin-2.55-2.1.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake spamassassin-2.55-2.1.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake spamassassin-tools-2.55-2.1.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake spamassassin-tools-2.55-2.1.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php


SpamAssassin SpamAssassin 2.60
Conectiva spamassassin-2.60-28724U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/spamassassin-2.60-28724U90_ 2cl.i386.rpm

Conectiva spamassassin-doc-2.60-28724U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/spamassassin-doc-2.60-28724 U90_2cl.i386.rpm

RedHat spamassassin-2.63-0.2.2.legacy.i386.rpm
RedHat Fedora Core 1
http://download.fedoralegacy.org/fedora/1/updates/i386/spamassassin-2. 63-0.2.2.legacy.i386.rpm

SpamAssassin Mail-SpamAssassin-2.64.tar.gz
http://old.spamassassin.org/released/Mail-SpamAssassin-2.64.tar.gz

浏览次数:1905
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客