FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

spamassassin -- Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings

Affected packages
spamassassin < 3.4.4

Details

VuXML ID e3404a6e-4364-11ea-b643-206a8a720317
Discovery 2020-01-30
Entry 2020-01-30

the Apache Spamassassin project reports:

nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings.

[source]

References

CVE Name CVE-2020-1931
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1931
URL https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.