CVE-2018-11781

Published: 17/09/2018 | Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.

Vulnerable Product

apache spamassassin

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

debian debian linux 8.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 18.04

redhat enterprise linux server eus 7.5

Vendor Advisories

Synopsis: Important: spamassassin security update. Type/Severity: Security Advisory: Important. Topic: An update for spamassassin is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Several security issues were fixed in SpamAssassin ...
Debian Bug report logs - #908971 spamassassin: CVE-2018-11781: local user code injection in the meta rule syntax. Package: src:spamassassin; Maintainer for src:spamassassin is Noah Meyerhans <noahm@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 16 Sep 2018 20:45:07 UTC; Severity: grave; Ta ...
Debian Bug report logs - #908969 spamassassin: CVE-2017-15705: denial of service vulnerability. Package: src:spamassassin; Maintainer for src:spamassassin is Noah Meyerhans <noahm@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 16 Sep 2018 20:45:02 UTC; Severity: grave; Tags: security, upst ...
Debian Bug report logs - #908970 spamassassin: CVE-2018-11780: potential remote code execution bug with the PDFInfo plugin. Package: src:spamassassin; Maintainer for src:spamassassin is Noah Meyerhans <noahm@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 16 Sep 2018 20:45:05 UTC; Severity ...
A flaw was found in the way SpamAssassin processes HTML email containing unclosed HTML tags. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a large number of these messages are sent, a denial of service could occur, potentially delaying or preventing the delivery of email (CVE-2017-15705). A flaw was f ...
A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause arbitrary code execution on the server when these rules are being processed (CVE-2018-11781). A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2 (CVE-2018-11780). A f ...
A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause arbitrary code execution on the server when these rules are being processed ...