spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands
The Apache SpamAssassin project reports:
Apache SpamAssassin 3.4.5 was recently released , and fixes
an issue of security note where malicious rule configuration (.cf)
files can be configured to run system commands.
In Apache SpamAssassin before 3.4.5, exploits can be injected in
a number of scenarios. In addition to upgrading to SA 3.4.5,
users should only use update channels or 3rd party .cf files from
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright