VUPEN Security - Fedora Security Update Fixes SpamAssassin Local Denial of Service Vulnerability / Exploit (Security Advisories)

	Contact \| Site en Français

VUPEN VNS v4.0

Features and Options

Free 14-Day Trial

Partner Program

Receive More Information

Latest Intelligence

VUPEN Security Advisories

Virus and Malware Alerts

VUPEN Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Fedora Security Update Fixes SpamAssassin Local Denial of Service Vulnerability

Title : Fedora Security Update Fixes SpamAssassin Local Denial of Service Vulnerability
VUPEN ID : VUPEN/ADV-2007-2184
CVE ID : CVE-2007-2873
CWE ID : VUPEN VNS Only

CVSS V2 : VUPEN VNS Only

Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-06-14

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

A vulnerability has been identified in Fedora, which could be exploited by local attackers to cause a denial of service. This issue is caused by an error in SpamAssassin. For additional information, see : VUPEN/ADV-2007-2172

Affected Products

Fedora Core 5
Fedora Core 6
Fedora 7

Solution

Upgrade the affected packages :

8ff93dacf15b6b87c5671ed14b2c3ebc6d635e78 spamassassin-3.2.1-1.fc7.ppc64.rpm
b4e358f30ffe83679f93da8308f1f9d0d4cd5577 spamassassin-debuginfo-3.2.1-1.fc7.ppc64.rpm
9b5ebf66aeeffb680d353af9969f615d3f499216 spamassassin-3.2.1-1.fc7.i386.rpm
4e0bb96880e3e68ef9dc69b598271c371fc69d48 spamassassin-debuginfo-3.2.1-1.fc7.i386.rpm
42637e0bc1aa5e49271659aca910b4c90adba729 spamassassin-3.2.1-1.fc7.x86_64.rpm
7b216cc7e17d28fca9e21eaf714576c124ab6a3a spamassassin-debuginfo-3.2.1-1.fc7.x86_64.rpm
e89a9dd4e07a3f0d110745e2ac0f847d452fb392 spamassassin-3.2.1-1.fc7.ppc.rpm
762d0ea08671e47207baeadb60c8da771181f456 spamassassin-debuginfo-3.2.1-1.fc7.ppc.rpm
4be2f1bd5f8e626f743af081a271e728b0aa2463 spamassassin-3.2.1-1.fc7.src.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

e35f9489f830f3fd3cb8c1270b86a56a1856a952 SRPMS/spamassassin-3.1.9-1.fc6.src.rpm
e35f9489f830f3fd3cb8c1270b86a56a1856a952 noarch/spamassassin-3.1.9-1.fc6.src.rpm
424c75875c9bbb4d77821e420c56a714c4b0bb7f ppc/spamassassin-3.1.9-1.fc6.ppc.rpm
fb39e814ce1cff3fd691a59b3f7ee7c6ffa00474 ppc/debug/spamassassin-debuginfo-3.1.9-1.fc6.ppc.rpm
77fee9411cfe1d3aafd06f3338e7d67d4b8e68d1 x86_64/debug/spamassassin-debuginfo-3.1.9-1.fc6.x86_64.rpm
7bd1a5062cab3ebc8f3ad9893547850eefdc6ae4 x86_64/spamassassin-3.1.9-1.fc6.x86_64.rpm
fc4d2f0597ca411bd6fafb1d68172953aadb736d i386/spamassassin-3.1.9-1.fc6.i386.rpm
2a71ee2c4ac5cd4a4dbbbbec9db3288dc43c1167 i386/debug/spamassassin-debuginfo-3.1.9-1.fc6.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

d149196c0c9996e0b3b7269fba0764a26564d049 SRPMS/spamassassin-3.1.9-1.fc5.1.src.rpm
d149196c0c9996e0b3b7269fba0764a26564d049 noarch/spamassassin-3.1.9-1.fc5.1.src.rpm
ed38c2336f1bc1b45dc8a6538aaf8790c86ca91f ppc/debug/spamassassin-debuginfo-3.1.9-1.fc5.1.ppc.rpm
bed8d94a07da4003157afa92b088d333fb81c8ab ppc/spamassassin-3.1.9-1.fc5.1.ppc.rpm
e68d895f0a10ba026543052c5befe8f84d49c37f x86_64/debug/spamassassin-debuginfo-3.1.9-1.fc5.1.x86_64.rpm
25dfab33bd05c9f1f8a1a810e84db97308e09f61 x86_64/spamassassin-3.1.9-1.fc5.1.x86_64.rpm
9c42dbba61e33334f3c2b4d5188dcaec07657bc1 i386/spamassassin-3.1.9-1.fc5.1.i386.rpm
8bc34c7eae33cd6505c1a4ad753d1202eaae2c42 i386/debug/spamassassin-debuginfo-3.1.9-1.fc5.1.i386.rpm

References

http://www.vupen.com/english/advisories/2007/2184
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00211.html
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00214.html
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00216.html

ChangeLog

2007-06-14 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

VUPEN Vulnerability
Notification Service

Latest Advisories

>> 2010-03-16

IBM HTTP Server "mod_isapi" Module Unloading Vulnerability

>> 2010-03-16

WFTPD "REST" Command Remote Denial of Service Vulnerability

>> 2010-03-16

RemoteExec Computers List ".rec" File Buffer Overflow Vulnerability

>> 2010-03-16

HP PCs Broadcom Integrated NIC Remote Code Execution Vulnerability

>> 2010-03-16

MicroWorld eScan for Linux "uname" Command Injection Vulnerability

More Informations