CVE-2010-3292

Summary

The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing.

Affected Software

VendorProductVersion RangeStatus
mailscannermailscanner4.79.11-2affected

Weaknesses

  • may use spoofed data

ADP Enrichment

CVE Program Container

Additional References

References