CVE-2018-11781

Published: Sep 17, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.

Affected (10)

Products: Apache: Spamassassin · Canonical: Ubuntu Linux · Debian: Debian Linux · +1 more

Show all products

Apache: Spamassassin · Canonical: Ubuntu Linux · Debian: Debian Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Eus, Enterprise Linux Workstation

1 product

1 product

1 product

4 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Eus

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Spamassassin	Before 3.4.2

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Debian Debian Linux	Version 8.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Workstation	Version 7.0

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html

Source: security@apache.org

https://access.redhat.com/errata/RHSA-2018:2916

Source: security@apache.org

Third Party Advisory

https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E

Source: security@apache.org

https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html

Source: security@apache.org

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201812-07

Source: security@apache.org

Third Party Advisory

https://usn.ubuntu.com/3811-1/

Source: security@apache.org

Third Party Advisory

https://usn.ubuntu.com/3811-3/

Source: security@apache.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2018:2916

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201812-07

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3811-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3811-3/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.