New Search

SpamAssassin before 3.1.3 when running with vpopmail and the paranoid (-P) switch allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

oval:org.mitre.oval:def:9184

SpamAssassin before 3.1.3 when running with vpopmail and the paranoid (-P) switch allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 4
  • Oracle Linux 4
  • Red Hat Enterprise Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2006-2447
Product(s):