CyberSec.Space Logo
CVEブラウザに戻る

CVE-2010-1132

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0520%
EPSS Percentile36.51th
Published2010年3月27日
Last Modified2026年4月29日

Vulnerability Description

The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.

Affected Platforms (CPE)

📦
Georg Greve

Spamassassin Milter Plugin

= 0.3.1

References & Advisories

🔗 http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html
🔗 http://bugs.debian.org/573228
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038535.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038572.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038777.html
🔗 http://osvdb.org/62809
🔗 http://secunia.com/advisories/38840
🔗 http://secunia.com/advisories/38956

関連する脆弱性情報

CVE-2010-375410.0

The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 thr...

CVE-2010-373110.0

Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the ...

CVE-2010-355210.0

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote atta...

CVE-2010-375710.0

Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) Fast...