
Test ID:1.3.6.1.4.1.25623.1.0.56890
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1090-1 (spamassassin)
Summary:NOSUMMARY
Description:
The remote host is missing an update to spamassassin
announced via advisory DSA 1090-1.

A vulnerability has been discovered in SpamAssassin, a Perl-based spam
filter using text analysis, that can allow remote attackers to execute
arbitrary commands. This problem only affects systems where spamd is
reachable via the internet and used with vpopmail virtual users, via
the -v / --vpopmail switch, and with the -P / --paranoid
switch, which is not the default setting on Debian.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 3.0.3-2sarge1.

For the volatile archive for the stable distribution (sarge) this
problem has been fixed in version 3.1.0a-0volatile3.

For the unstable distribution (sid) this problem has been fixed in
version 3.1.3-1.

We recommend that you upgrade your spamd package.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201090-1

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-2447
BugTraq ID: 18290
http://www.securityfocus.com/bid/18290
Bugtraq: 20060607 rPSA-2006-0096-1 spamassassin
http://www.securityfocus.com/archive/1/436288/100/0/threaded
Debian Security Information: DSA-1090
http://www.debian.org/security/2006/dsa-1090
http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184
http://www.redhat.com/support/errata/RHSA-2006-0543.html
http://securitytracker.com/id?1016230
http://securitytracker.com/id?1016235
http://secunia.com/advisories/20430
http://secunia.com/advisories/20443
http://secunia.com/advisories/20482
http://secunia.com/advisories/20531
http://secunia.com/advisories/20566
http://secunia.com/advisories/20692
http://www.trustix.org/errata/2006/0034/
http://www.vupen.com/english/advisories/2006/2148
XForce ISS Database: spamassassin-spamd-command-execution(27008)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27008
Copyright:Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

© 1998-2024 E-Soft Inc. All rights reserved.