CVE-2006-2447

Severity

51%

Complexity

49%

Confidentiality

106%

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

CVSS 2.0 Base Score 5.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P).

Overview

Type

Apache Software Foundation SpamAssassin

First reported 18 years ago

2006-06-06 21:06:00

Last updated 6 years ago

2018-10-18 16:40:00

Affected Software

Apache Software Foundation SpamAssassin 3.1.0

3.1.0

Apache Software Foundation SpamAssassin 3.1.1

3.1.1

Apache Software Foundation SpamAssassin 3.1.2

3.1.2

References

20430

Patch, Vendor Advisory

20443

Patch, Vendor Advisory

20482

Vendor Advisory

20531

Vendor Advisory

20566

Vendor Advisory

20692

Vendor Advisory

1016230

1016235

DSA-1090

Patch, Vendor Advisory

GLSA-200606-09

MDKSA-2006:103

http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html

Patch

RHSA-2006:0543

Patch, Vendor Advisory

20060607 rPSA-2006-0096-1 spamassassin

18290

Patch

2006-0034

ADV-2006-2148

Vendor Advisory

spamassassin-spamd-command-execution(27008)

oval:org.mitre.oval:def:9184

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.