← Retour aux CVEs
CVE-2020-1946
CRITICAL9.8
Description
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie3/25/2021
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
apache:spamassassindebian:debian_linuxfedoraproject:fedora
Faiblesses (CWE)
CWE-78CWE-78
References
https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html(security@apache.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V2SBVTKVLFFT36ECJQ7TQ7KAQCQZDRZ/(security@apache.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFBFRIG5TX23NF4ND6OAKKY7I6TLRCCP/(security@apache.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKAXYBKBMQOLIW6UKASJCAZRBOIYS4RL/(security@apache.org)
https://s.apache.org/3r1wh(security@apache.org)
https://security.gentoo.org/glsa/202105-26(security@apache.org)
https://www.debian.org/security/2021/dsa-4879(security@apache.org)
https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V2SBVTKVLFFT36ECJQ7TQ7KAQCQZDRZ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFBFRIG5TX23NF4ND6OAKKY7I6TLRCCP/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKAXYBKBMQOLIW6UKASJCAZRBOIYS4RL/(af854a3a-2127-422b-91ae-364da2661108)
https://s.apache.org/3r1wh(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202105-26(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2021/dsa-4879(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.