Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200606-09 (Spamassassin)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56936

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200606-09 (Spamassassin)

Resumen: The remote host is missing updates announced in;advisory GLSA 200606-09.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200606-09.

Vulnerability Insight:
SpamAssassin, when running with certain options, could allow local or even
remote attackers to execute arbitrary commands, possibly as the root user.

Solution:
All SpamAssassin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-filter/spamassassin-3.1.3'

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-2447
1016230
http://securitytracker.com/id?1016230
1016235
http://securitytracker.com/id?1016235
18290
http://www.securityfocus.com/bid/18290
2006-0034
http://www.trustix.org/errata/2006/0034/
20060607 rPSA-2006-0096-1 spamassassin
http://www.securityfocus.com/archive/1/436288/100/0/threaded
20430
http://secunia.com/advisories/20430
20443
http://secunia.com/advisories/20443
20482
http://secunia.com/advisories/20482
20531
http://secunia.com/advisories/20531
20566
http://secunia.com/advisories/20566
20692
http://secunia.com/advisories/20692
ADV-2006-2148
http://www.vupen.com/english/advisories/2006/2148
DSA-1090
http://www.debian.org/security/2006/dsa-1090
GLSA-200606-09
http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml
MDKSA-2006:103
http://www.mandriva.com/security/advisories?name=MDKSA-2006:103
RHSA-2006:0543
http://www.redhat.com/support/errata/RHSA-2006-0543.html
http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html
oval:org.mitre.oval:def:9184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184
spamassassin-spamd-command-execution(27008)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27008

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56936
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200606-09 (Spamassassin)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200606-09.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200606-09. Vulnerability Insight: SpamAssassin, when running with certain options, could allow local or even remote attackers to execute arbitrary commands, possibly as the root user. Solution: All SpamAssassin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-filter/spamassassin-3.1.3' CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2447 1016230 http://securitytracker.com/id?1016230 1016235 http://securitytracker.com/id?1016235 18290 http://www.securityfocus.com/bid/18290 2006-0034 http://www.trustix.org/errata/2006/0034/ 20060607 rPSA-2006-0096-1 spamassassin http://www.securityfocus.com/archive/1/436288/100/0/threaded 20430 http://secunia.com/advisories/20430 20443 http://secunia.com/advisories/20443 20482 http://secunia.com/advisories/20482 20531 http://secunia.com/advisories/20531 20566 http://secunia.com/advisories/20566 20692 http://secunia.com/advisories/20692 ADV-2006-2148 http://www.vupen.com/english/advisories/2006/2148 DSA-1090 http://www.debian.org/security/2006/dsa-1090 GLSA-200606-09 http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml MDKSA-2006:103 http://www.mandriva.com/security/advisories?name=MDKSA-2006:103 RHSA-2006:0543 http://www.redhat.com/support/errata/RHSA-2006-0543.html http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html oval:org.mitre.oval:def:9184 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184 spamassassin-spamd-command-execution(27008) https://exchange.xforce.ibmcloud.com/vulnerabilities/27008
Copyright	Copyright (C) 2008 E-Soft Inc.