Signature Detail

SMTP: SpamAssassin Long Message Header Denial of Service

There exists a remote denial of service vulnerability in Apache SpamAssassin. A successful attack can result in a denial-of-service condition.

Extended Description

SpamAssassin is prone to a vulnerability that could bypass spam detection. This issue is due to a failure in the application to handle exceptional conditions. An attacker can exploit this vulnerability to crash a child process, effectively permitting the email to bypass detection and go through.

Affected Products

• Mandriva Linux Mandrake 10.1.0
• Mandriva Linux Mandrake 10.1.0 X86 64
• Mandriva Linux Mandrake 10.2.0
• Mandriva Linux Mandrake 10.2.0 X86 64
• Mandriva Linux Mandrake 2006.0.0
• Mandriva Linux Mandrake 2006.0.0 X86 64
• Red Hat Desktop 4.0.0
• Red Hat Enterprise Linux AS 4
• Red Hat Enterprise Linux ES 4
• Red Hat Enterprise Linux WS 4
• Red Hat Fedora Core3
• SpamAssassin 3.0.4
• SuSE Linux Personal 10.0.0 OSS
• SuSE Linux Personal 9.2.0
• SuSE Linux Personal 9.2.0 X86 64
• SuSE Linux Personal 9.3.0
• SuSE Linux Personal 9.3.0 X86 64
• SuSE Linux Professional 10.0.0
• SuSE Linux Professional 10.0.0 OSS
• SuSE Linux Professional 9.2.0
• SuSE Linux Professional 9.2.0 X86 64
• SuSE Linux Professional 9.3.0
• SuSE Linux Professional 9.3.0 X86 64
• Trustix Secure Linux 2.2.0
• Trustix Secure Linux 3.0.0

References

• BugTraq: 15373
• CVE: CVE-2005-3351