CVE-2010-1132

NameCVE-2010-1132
DescriptionThe mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2021-1, DSA-2021-2
Debian Bugs573228

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
spamass-milter (PTS)sid, trixie, bookworm, bullseye0.4.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
spamass-miltersourcelenny0.3.1-8+lenny2DSA-2021-2
spamass-miltersource(unstable)0.3.1-9573228
Search for package or bug name: Reporting problems