A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause the arbitrary code execution on the server when these rules are being processed.
Find out more about CVE-2018-11781 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS3 Base Score | 8.4 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | High |
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 7 (spamassassin) | RHSA-2018:2916 | 2018-10-11 |
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 6 | spamassassin | Will not fix |
Red Hat Enterprise Linux 5 | spamassassin | Will not fix |