Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2006-2447
Last Modified 07 Apr 2011 12:00:00
Published 06 Jun 2006 05:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2447

Summary

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

Vulnerable Systems

Application

  • Apache SpamAssassin 3.1.0

  • Apache SpamAssassin 3.1.1

  • Apache SpamAssassin 3.1.2


References

BID - 18290

REDHAT - RHSA-2006:0543

CONFIRM - http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html

DEBIAN - DSA-1090

SECUNIA - 20443

SECUNIA - 20430

XF - spamassassin-spamd-command-execution(27008)

VUPEN - ADV-2006-2148

TRUSTIX - 2006-0034

BUGTRAQ - 20060607 rPSA-2006-0096-1 spamassassin

MANDRIVA - MDKSA-2006:103

GENTOO - GLSA-200606-09

SECTRACK - 1016235

SECTRACK - 1016230

SECUNIA - 20692

SECUNIA - 20566

SECUNIA - 20531

SECUNIA - 20482


Last Updated: 27 May 2016 10:42:28