Posted to users@spamassassin.apache.org by Matt Kettler <mk...@evi-inc.com> on 2004/12/31 01:42:17 UTC

Re: 2.63 DoS vulnerability (was: problems matching the dollar sign ("$"))

At 09:53 AM 12/30/2004, Rainer Sokoll wrote:
>On Thu, Dec 30, 2004 at 08:36:00AM -0500, Josh Endries wrote:
>
> > body and rawbody. This is with SA 2.63 and Perl 5.005_03, which I
> > can't upgrade :(.
>
>You do not have to upgrade perl, you can have a 2nd install instead.

And if Josh chooses to not upgrade perl, he should at least upgrade SA to 
2.64 ASAP...

2.50-2.63 all have a malformed message DoS vulnerability.

And no, this isn't new news, it was in 2.64's release announcement back in 
August

http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2

Not to mention being reported in dozens of security databases, including CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0796