96355 – SpamAssassin 3.0.1-3.0.3 seems to be vulnerable to DoS attacks

Bug 96355 - SpamAssassin 3.0.1-3.0.3 seems to be vulnerable to DoS attacks

Summary: SpamAssassin 3.0.1-3.0.3 seems to be vulnerable to DoS attacks

Status:	RESOLVED DUPLICATE of bug 94722

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:	http://marc.theaimsgroup.com/?l=spama...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-06-17 02:53 UTC by quazgar
Modified:	2005-06-17 02:57 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description quazgar 2005-06-17 02:53:03 UTC

According to
http://marc.theaimsgroup.com/?l=spamassassin-announce&m=111886630726077&w=2 ,
SpamAssassin (versions 3.0.1-3.0.3) seems to be vulnerable to DoS attacks with
certain misformatted long message headers causing sa to take a long time. I
don't know the "correct" procedure, but shouldn't the old version of sa be
marked hard-masked now?

Reproducible: Didn't try
Steps to Reproduce:




This might be somehow related to bug #95492, though I'm not sure about that.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-06-17 02:57:03 UTC


*** This bug has been marked as a duplicate of 94722 ***