Remote Command Execution Vulnerability in SpamAssassin by Apache
CVE-2006-2447

Currently unrated

Key Information:

Vendor: Apache
Status: Spamassassin
Vendor: CVE Published:; 6 June 2006

Summary

A flaw in SpamAssassin prior to version 3.1.3 can lead to remote attackers executing arbitrary commands on the server. When running with vpopmail and the paranoid switch (-P), crafted email messages can exploit improper handling of the virtual pop user, leading to potential unauthorized command execution on the affected systems.

References

http://secunia.com/advisories/20482

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/436288/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

74% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 6, 2006
Vulnerability Reserved
May 18, 2006