CVE-2006-2447

Currently unrated

Key Information:

Vendor: Apache
Status: Spamassassin
Vendor: CVE Published:; 6 June 2006

Summary

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

References

http://secunia.com/advisories/20482

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/436288/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

95% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 6, 2006
Vulnerability Reserved
May 18, 2006