CVE-2010-1132

SpamAssassin Milter Plugin <0.3.1 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1132. PoCs published by kingcope.

AI-analyzed exploit summary The exploit demonstrates a remote command execution vulnerability in the Spamassassin Milter plugin when the expand flag (-x) is enabled. The vulnerability arises from improper handling of the recipient address in a popen() call, allowing arbitrary command execution as root.

Description

The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by kingcope · textremotemultiple

https://www.exploit-db.com/exploits/11662

View Code ZIP pw:eip

The exploit demonstrates a remote command execution vulnerability in the Spamassassin Milter plugin when the expand flag (-x) is enabled. The vulnerability arises from improper handling of the recipient address in a popen() call, allowing arbitrary command execution as root.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Spamassassin Milter Plugin (spamass-milter-0.3.1)

No auth needed

Prerequisites: Spamassassin Milter running with the expand flag (-x) enabled · Access to the SMTP service (port 25)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/0559

Exploit mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/0683

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/39265

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/0837

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/38578

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=572117

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2010/dsa-2021

Various Sources x_refsource_confirm

https://savannah.nongnu.org/bugs/?29136

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/11662

Issue Tracking x_refsource_confirm

http://bugs.debian.org/573228

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038535.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1023691

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/62809

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/56732

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38956

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38840

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038777.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038572.html

Scores

EPSS 0.0851

EPSS Percentile 94.3%

Details

CWE

CWE-78

Status published

Products (1)

georg_greve/spamassassin_milter_plugin 0.3.1

Published Mar 27, 2010

Tracked Since Feb 18, 2026