SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability

SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability SpamAssassin and Vipul's Razor are vulnerable to a Denial of Service attack when handling certain malformed messages. SpamAssassin, Vipul's Razor 2005-06-21 2006-05-22 94722 95492 96776 remote 3.0.4 3.0.1 3.0.4 2.74 2.74

SpamAssassin is an extensible email filter which is used to identify junk email. Vipul's Razor is a client for a distributed, collaborative spam detection and filtering network.

SpamAssassin and Vipul's Razor contain a Denial of Service vulnerability when handling special misformatted long message headers.

By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin/Vipul's Razor server.

There is no known workaround at this time.

All SpamAssassin users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.0.4"

All Vipul's Razor users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-filter/razor-2.74"

CAN-2005-1266 CVE-2005-2024 SpamAssassin Announcement Vipul's Razor Announcement jaervosz jaervosz