Vulnerability Details : CVE-2010-1132
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when the expand (-x) option is enabled, allows remote attackers to execute arbitrary system commands via shell metacharacters in the envelope recipient (RCPT TO) of an SMTP transaction. The recipient string is passed, unneutralized, into a command line that is run through the shell, so the attacker needs nothing more than the ability to deliver mail to the server.
Exploit prediction scoring system (EPSS) score for CVE-2010-1132
Probability of exploitation activity in the next 30 days: 20.26%
Percentile (proportion of all scored vulnerabilities with an EPSS score at or below this one): ~96%
CVSS scores for CVE-2010-1132
Base Score | Base Severity | CVSS Vector (v2) | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST
CWE ids for CVE-2010-1132
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
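The following is an added illustration of the flaw in the description above and of the CWE-78 pattern; it is example code, not spamass-milter's own source. It puts the vulnerable idiom (a command line assembled by concatenating the envelope recipient and handed to popen(3), which runs it through /bin/sh -c) beside a fork/execv rewrite in which the recipient is a single argv element and no shell ever parses it. The assumptions are: /bin/echo stands in for the alias-expansion command the milter runs under -x (taken here to be a sendmail -bv invocation), the literal "expand" stands in for its flag, the recipient strings are constructed, and every function and constant name is invented for the example.

```cpp
// Added example, not code from spamass-milter. Shows why the RCPT TO value
// reaching a shell is the problem, and the fork/execv pattern that avoids it.
// /bin/echo stands in for the alias-expansion command the milter really runs
// (assumed to be sendmail -bv); "expand" stands in for its flag.
#include <cstdio>
#include <string>
#include <sys/wait.h>
#include <unistd.h>

// Constructed sample envelope recipients; the first carries shell metacharacters.
static const char *const kMaliciousRcpt = "victim@example.com; echo INJECTED";
static const char *const kBenignRcpt = "alice@example.com";

// Read a file descriptor to EOF into a string.
static std::string slurp(int fd) {
    std::string out;
    char buf[256];
    ssize_t n;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        out.append(buf, static_cast<size_t>(n));
    return out;
}

// Vulnerable pattern: the command line is built by string concatenation and
// run through popen(), i.e. "/bin/sh -c <cmd>". Everything after ';' in the
// recipient is executed by the shell as a separate command.
std::string expand_via_shell(const std::string &rcpt) {
    std::string cmd = "/bin/echo expand " + rcpt;  // like SENDMAIL " -bv " + envrcpt
    FILE *p = popen(cmd.c_str(), "r");
    if (p == nullptr)
        return "";
    std::string out;
    char buf[256];
    while (fgets(buf, sizeof buf, p) != nullptr)
        out += buf;
    pclose(p);
    return out;
}

// Hardened pattern: fork, then execv() with the recipient as one argv element.
// No shell parses the string, so ';', '|', '`' and "$(...)" arrive literally.
std::string expand_via_execv(const std::string &rcpt) {
    int fds[2];
    if (pipe(fds) != 0)
        return "";
    pid_t pid = fork();
    if (pid < 0)
        return "";
    if (pid == 0) {  // child: stdout -> pipe, then replace the image
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        const char *argv[] = {"/bin/echo", "expand", rcpt.c_str(), nullptr};
        execv(argv[0], const_cast<char *const *>(argv));
        _exit(127);  // only reached if execv failed
    }
    close(fds[1]);  // parent: close the write end so read() sees EOF
    std::string out = slurp(fds[0]);
    close(fds[0]);
    int status = 0;
    waitpid(pid, &status, 0);
    return out;
}

// Defence in depth for a milter: refuse envelope recipients carrying bytes an
// address has no business containing, before they reach any command at all.
// '<' and '>' are deliberately allowed because MTAs pass RCPT TO as "<user@host>".
bool has_shell_metachars(const std::string &rcpt) {
    return rcpt.find_first_of(";|&`$(){}\\\"' \t\r\n") != std::string::npos;
}

int main() {
    std::printf("popen : %s", expand_via_shell(kMaliciousRcpt).c_str());
    std::printf("execv : %s", expand_via_execv(kMaliciousRcpt).c_str());
    std::printf("reject: %d\n", has_shell_metachars(kMaliciousRcpt) ? 1 : 0);
    return 0;
}
```

Run stand-alone, the popen variant prints a second line "INJECTED" that came from the injected command, while the execv variant prints the whole recipient, semicolon and all, as a single literal argument; on the benign address both produce the same output. Escaping or quoting the recipient for the shell is a weaker fix than removing the shell from the path, which is why the argv form is the one to prefer.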
References for CVE-2010-1132
- http://www.exploit-db.com/exploits/11662
  Apache SpamAssassin Milter Plugin 0.3.1 - Remote Command Execution (Exploit-DB; exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56732
  SpamAssassin Milter Plugin expand (-x) flag command execution (IBM X-Force vulnerability report)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038535.html
  [SECURITY] Fedora 12 Update: spamass-milter-0.3.1-18.fc12
- http://www.vupen.com/english/advisories/2010/0683
  VUPEN Security Advisory 2010/0683 (vendor advisory; the original page is offline and the link now resolves to an unrelated OVH webmail page)
- http://www.vupen.com/english/advisories/2010/0559
  VUPEN Security Advisory 2010/0559 (vendor advisory; original page offline)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038777.html
  [SECURITY] Fedora 13 Update: spamass-milter-0.3.1-18.fc13
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038572.html
  [SECURITY] Fedora 11 Update: spamass-milter-0.3.1-18.fc11
- http://www.debian.org/security/2010/dsa-2021
  Debian Security Advisory DSA-2021-1: spamass-milter
- http://bugs.debian.org/573228
  Debian bug #573228 - Arbitrary command execution (report from full-disclosure)
- http://www.securitytracker.com/id?1023691
  SecurityTracker 1023691: SpamAssassin Milter Plugin Input Validation Flaw Lets Remote Users Execute Arbitrary Code
- https://savannah.nongnu.org/bugs/?29136
  Savannah bug #29136: SpamAssassin Milter Plugin Input...
- https://bugzilla.redhat.com/show_bug.cgi?id=572117
  Red Hat Bugzilla 572117: CVE-2010-1132 SpamAssassin Mail Filter: Arbitrary shell command injection (privilege escalation)
- http://www.securityfocus.com/bid/38578
  SecurityFocus BID 38578: SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability (exploit)
- http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html
  Full-Disclosure mailing list post, March 2010 (exploit)
- http://www.vupen.com/english/advisories/2010/0837
  VUPEN Security Advisory 2010/0837 (vendor advisory; original page offline)
Products affected by CVE-2010-1132
- cpe:2.3:a:georg_greve:spamassassin_milter_plugin:0.3.1:*:*:*:*:*:*:*