Vulnerability Name: CVE-2006-2447 (CCN-27008)
Assigned: 2006-06-06
Published: 2006-06-06
Updated: 2018-10-18
Summary: SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
CVSS v3 Severity: 4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Access
References:
Source: CCN Type: Full-Disclosure Mailing List, Wed Jun 07 2006 - 13:07:50 CDT rPSA-2006-0096-1 spamassassin
Source: MITRE Type: CNA CVE-2006-2447
Source: CCN Type: RHSA-2006-0543 spamassassin security update
Source: CCN Type: SA20430 SpamAssassin "spamd" Shell Command Injection Vulnerability
Source: SECUNIA Type: Patch, Vendor Advisory 20430
Source: SECUNIA Type: Patch, Vendor Advisory 20443
Source: SECUNIA Type: Vendor Advisory 20482
Source: SECUNIA Type: Vendor Advisory 20531
Source: SECUNIA Type: Vendor Advisory 20566
Source: SECUNIA Type: Vendor Advisory 20692
Source: CCN Type: SECTRACK ID: 1016230 SpamAssassin handle_user() Bug Lets Remote Users Execute Arbitrary Commands
Source: SECTRACK Type: UNKNOWN 1016230
Source: CCN Type: SECTRACK ID: 1016235 (Red Hat Issues Fix) SpamAssassin handle_user() Bug Lets Remote Users Execute Arbitrary Commands
Source: SECTRACK Type: UNKNOWN 1016235
Source: CCN Type: SpamAssassin Web site SpamAssassin: Downloads
Source: CCN Type: ASA-2006-121 spamassassin security update (RHSA-2006-0543)
Source: DEBIAN Type: Patch, Vendor Advisory DSA-1090
Source: DEBIAN Type: DSA-1090 spamassassin -- programming error
Source: CCN Type: GLSA-200606-09 SpamAssassin: Execution of arbitrary code
Source: GENTOO Type: UNKNOWN GLSA-200606-09
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:103
Source: CCN Type: SpamAssassin-Users Forum, 2006-06-05 12:13 ANNOUNCE: Apache SpamAssassin 3.1.3 available!
Source: CONFIRM Type: Patch http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2006:0543
Source: BUGTRAQ Type: UNKNOWN 20060607 rPSA-2006-0096-1 spamassassin
Source: BID Type: Patch 18290
Source: CCN Type: BID-18290 SpamAssassin Vpopmail and Paranoid Switches Remote Command Execution Vulnerability
Source: TRUSTIX Type: UNKNOWN 2006-0034
Source: VUPEN Type: Vendor Advisory ADV-2006-2148
Source: XF Type: UNKNOWN spamassassin-spamd-command-execution(27008)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9184
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1: