[Original text] Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c.
Multiple remote overflows exist in spamGuard. The qmail_parseline and sendmail_parseline functions in parser.c fail to validate input, resulting in buffer overflows. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.
Upgrade to version 1.7-BETA or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.