SpamAssassin-milter has a remote root vulnerability

[Security] Posted Mar 17, 2010 19:20 UTC (Wed) by corbet

SpamAssassin-milter plugs SpamAssassin into mail agents which speak the "milter" protocol. It is, evidently, trivially easy to get this plugin to execute commands as root when it is used with Postfix in some configurations, and possibly with other mailers as well. There is a bug tracker entry where progress on a patch can be followed; the developers seem to not be in a great hurry, despite the fact that exploits are circulating. Sites using SpamAssassin-milter should probably just disable it for now. (Thanks to Christof Damian).
