SMTP: SpamAssassin Content-Type Denial of Service

This signature detects a malformed e-mail that can trigger a denial-of-service condition within the SpamAssassin daemon. This attack could be used to disable the spam filtering system of a mail server.

Extended Description

SpamAssassin is prone to a remote denial-of-service vulnerability because the application fails to properly handle overly long email headers. Further details regarding this vulnerability are currently not available. This BID will be updated as more information is disclosed. An attacker may cause SpamAssassin to take inordinate amounts of time to check a specially crafted email message. By sending many malicious messages, the attacker may be able to cause extremely large delays in email delivery, denying service to legitimate users.

Affected Products

Mandriva linux_mandrake

Short Name
SMTP:SPAMASS-DOS
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
CVE-2005-1266 Content-Type Denial Service SpamAssassin bid:13978 of
Release Date
07/26/2005
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3727
False Positive
Unknown
Vendors

Red_hat

Spamassassin

Mandriva

Suse

Gentoo

CVSS Score

5.0
