CVE-2018-11805

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.

CVSS v3 6.7 MEDIUM
CVSS v2.0 7.2 HIGH

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html
http://www.openwall.com/lists/oss-security/2019/12/12/1	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/01/30/2
http://www.openwall.com/lists/oss-security/2020/01/30/3
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647	Permissions Required
https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5%40%3Cusers.spamassassin.apache.org%3E
https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18%40%3Cannounce.spamassassin.apache.org%3E
https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166%40%3Cusers.spamassassin.apache.org%3E
https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae%40%3Cusers.spamassassin.apache.org%3E
https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4%40%3Cusers.spamassassin.apache.org%3E
https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5%40%3Cdev.spamassassin.apache.org%3E
https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e%40%3Cannounce.spamassassin.apache.org%3E
https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E
https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E
https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cdev.spamassassin.apache.org%3E
https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cusers.spamassassin.apache.org%3E
https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b%40%3Cannounce.spamassassin.apache.org%3E
https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cdev.spamassassin.apache.org%3E
https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cusers.spamassassin.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Dec/27	Mailing List Third Party Advisory
https://seclists.org/oss-sec/2019/q4/154	Mailing List Third Party Advisory
https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt	Mailing List Vendor Advisory
https://usn.ubuntu.com/4237-1/
https://usn.ubuntu.com/4237-2/
https://www.debian.org/security/2019/dsa-4584	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

History

07 Nov 2023, 02:51

Type	Values Removed	Values Added
References	{'url': 'https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae@%3Cusers.spamassassin.apache.org%3E', 'name': '[spamassassin-users] 20191218 Re: CVE-2018-11805 fix and sa-exim', 'tags': ['Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166@%3Cusers.spamassassin.apache.org%3E', 'name': '[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e@%3Cannounce.spamassassin.apache.org%3E', 'name': '[spamassassin-announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781@%3Cannounce.apache.org%3E', 'name': '[announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781@%3Cdev.spamassassin.apache.org%3E', 'name': '[spamassassin-dev] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f@%3Cusers.spamassassin.apache.org%3E', 'name': '[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4@%3Cusers.spamassassin.apache.org%3E', 'name': '[spamassassin-users] 20191218 CVE-2018-11805 fix and sa-exim', 'tags': ['Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5@%3Cdev.spamassassin.apache.org%3E', 'name': '[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805', 'tags': ['Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cannounce.apache.org%3E', 'name': '[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18@%3Cannounce.spamassassin.apache.org%3E', 'name': '[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781@%3Cusers.spamassassin.apache.org%3E', 'name': '[spamassassin-users] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b@%3Cannounce.spamassassin.apache.org%3E', 'name': '[spamassassin-announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433@%3Cannounce.apache.org%3E', 'name': '[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cusers.spamassassin.apache.org%3E', 'name': '[spamassassin-users] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5@%3Cusers.spamassassin.apache.org%3E', 'name': '[spamassassin-users] 20191219 Re: CVE-2018-11805 fix and sa-exim', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cdev.spamassassin.apache.org%3E', 'name': '[spamassassin-dev] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74@%3Cusers.spamassassin.apache.org%3E', 'name': '[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available', 'tags': [], 'refsource': 'MLIST'}	() https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5%40%3Cusers.spamassassin.apache.org%3E - () https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cusers.spamassassin.apache.org%3E - () https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b%40%3Cannounce.spamassassin.apache.org%3E - () https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cdev.spamassassin.apache.org%3E - () https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cdev.spamassassin.apache.org%3E - () https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166%40%3Cusers.spamassassin.apache.org%3E - () https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae%40%3Cusers.spamassassin.apache.org%3E - () https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433%40%3Cannounce.apache.org%3E - () https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e%40%3Cannounce.spamassassin.apache.org%3E - () https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4%40%3Cusers.spamassassin.apache.org%3E - () https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cannounce.apache.org%3E - () https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E - () https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E - () https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5%40%3Cdev.spamassassin.apache.org%3E - () https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E - () https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18%40%3Cannounce.spamassassin.apache.org%3E - () https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cusers.spamassassin.apache.org%3E -

Information

Published : 2019-12-12 23:15

Updated : 2023-12-10 13:13

NVD link : CVE-2018-11805

Mitre link : CVE-2018-11805

CVE.ORG link : CVE-2018-11805

JSON object : View

Products Affected

apache

spamassassin

debian

debian_linux

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

6.7 /10