FreeBSD : SpamAssassin -- denial-of-service in tokenize_headers (0d3a5148-f512-11d8-9837-000c41e2cdad)

medium Nessus Plugin ID 14345

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

According to the SpamAssassin 2.64 release announcement:

Security fix prevents a denial of service attack open to certain malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x versions to date.

The issue appears to be triggered by overly long message headers.

Solution

Update the affected package.

See Also

https://marc.info/?l=spamassassin-announce&m=109168121628767

http://search.cpan.org/src/JMASON/Mail-SpamAssassin-2.64/Changes

http://www.nessus.org/u?0e3e3369

Plugin Details

Severity: Medium

ID: 14345

File Name: freebsd_p5_Mail_SpamAssassin_264.nasl

Version: 1.15

Type: local

Published: 8/23/2004

Updated: 11/20/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:p5-mail-spamassassin, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/23/2004

Vulnerability Publication Date: 8/4/2004

Reference Information

CVE: CVE-2004-0796

BID: 10957