Securing Antispam Software
Several antispam products have insecurities that may have been patched. References are provided to security databases, where available.
| Vendor Page | Advice to Help Secure the Software | Vulnerability References |
| Akismet | Akismet Vulnerability | CVE-2007-2714 BID:23965 |
| Barracuda (and Technical Alerts) |
Barracuda spam firewall web interface allows execution of commands by unauthenticated users Barracuda Spam Firewall Administrator Level Command Execution |
|
| Barracuda Spam Firewall Multiple Vulnerabilities | ||
| Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall | CVE-2004-0234 BID:10243 |
|
| Bogofilter | bogofilter quoted-printable decoder denial of service | CVE-2004-1007 BID:11568 XFDB-17916 SA-13035 |
| bogofilter contrib/bogopass tmp file symlink | BID:6278 XFDB-10726 |
|
| DSPAM | DSPAM Default Permissions Vulnerability | BID:8623 XFDB-13197 |
| Gordano GMS Anti-spam | Gordano Anti-spam bypass | SA-7642 |
| Gordano GMS Mail | Gordano GMS Mail rwords filter can be bypassed | BID:6362 XFDB-10893 |
| Bypass of JUCE check with "FROM:<>" | XFDB-10657 | |
| InterScan eManager | InterScan eManager buffer overflow could allow the execution of arbitrary code | CVE-2001-0958 CERT-167739 BID:3327 XFDB-7104 |
| Kerio MailServer spam filter | Kerio MailServer Spam Filter Buffer Overflow Vulnerability | BID:9975 XFDB-15592 SA-11207 |
| MailEssentials | MailEssentials HTML parser denial of service | CVE-2004-1312 BID:12148 XFDB-18725 |
| Razor-agents | Razor-agents HTML messages denial of service | CVE-2005-2024 BID:13984 XFDB-21046 XFDB-21047 |
| SpamAssassin | SpamAssassin overly long URLs handling Denial of Service | CVE-2007-0451 BID:22584 |
| SpamAssassin Message Handling Denial of Service Vulnerability | SA-12255 | |
| SpamAssassin execution of arbitrary code | SA-7951 | |
| SpamAssassin Message Header Processing Denial of Service | SA-15704 | |
| SpamAssassin spamc BSMTP-B off-by-one buffer overflow | BID:6679 XFDB-11154 |
|
| CVE-2006-2447 BID:18290 |
||
| SpamCop | SpamCop URL number increment sequence prediction | XFDB-5933 |
| spamGuard | spamGuard Multiple Buffer Overflow Vulnerabilities | SA-11747 |
| spamGuard multiple buffer overflows | ||
| SpamProbe | SpamProbe Denial of Service | SA-7994 |
| SpamProbe HTML tag new line denial of service | BID:6739 XFDB-11247 |
|
| Symantec Brightmail | Brightmail Unauthorised Access to Filtered Mails | XFDB-16609 SA-12010 |
| Symantec Brightmail Anti-Spam Spamhunter UTF encoding error | CERT-697598 | |
| Symantec Brightmail Anti-Spam Spamhunter denial of service | CVE-2004-1768 BID:12001 BID:12063 XFDB-18530 |
|
| Symantec Brightmail Anti-Spam Sieve denial of service | XFDB-18529 | |
| Symantec Brightmail AntiSpam Static Database Password | CVE-2005-1867 BID:13828 XFDB-20804 SA-15562 |
|
| Symantec Brightmail AntiSpam Notifier Denial of Service | BID:12063 XFDB-18629 SA-13593 |
|
| Symantec Brightmail Denial of Service Vulnerabilities | SA-13489 | |
Symantec Multiple Products UPX Parsing Engine Buffer Overflow |
SA-14179 | |
| Symantec Norton AntiSpam | Symantec Norton AntiSpam ActiveX Component Buffer Overflow Vulnerability | CERT-344718 SA-11169 |
| Zaep AntiSpam | Zaep AntiSpam Cross Site Scripting Vulnerability | CVE-2004-1939 BID:10139 XFDB-15858 SA-11388 |
everything you didn't want to have to know about spam
Hosted by spam.abuse.net, with help from Neil Schwartzman. Domain registration by Gregg DesElms. Logo by Art101.
This work is licensed under a Creative Commons License. SPAM is a trademark of Hormel Foods.
Page last updated: 20-May-2007
This work is licensed under a Creative Commons License. SPAM is a trademark of Hormel Foods.
Page last updated: 20-May-2007