CVE - CVE-2006-2447

CVE-ID
CVE-2006-2447	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1016230 URL:http://securitytracker.com/id?1016230 MISC:1016235 URL:http://securitytracker.com/id?1016235 MISC:18290 URL:http://www.securityfocus.com/bid/18290 MISC:2006-0034 URL:~~http://www.trustix.org/errata/2006/0034/~~ (Obsolete source - check if archived by the Wayback Machine) MISC:20060607 rPSA-2006-0096-1 spamassassin URL:http://www.securityfocus.com/archive/1/436288/100/0/threaded MISC:20430 URL:http://secunia.com/advisories/20430 MISC:20443 URL:http://secunia.com/advisories/20443 MISC:20482 URL:http://secunia.com/advisories/20482 MISC:20531 URL:http://secunia.com/advisories/20531 MISC:20566 URL:http://secunia.com/advisories/20566 MISC:20692 URL:http://secunia.com/advisories/20692 MISC:ADV-2006-2148 URL:~~http://www.vupen.com/english/advisories/2006/2148~~ (Obsolete source) MISC:DSA-1090 URL:http://www.debian.org/security/2006/dsa-1090 MISC:GLSA-200606-09 URL:http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml MISC:MDKSA-2006:103 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:103~~ (Obsolete source) MISC:RHSA-2006:0543 URL:http://www.redhat.com/support/errata/RHSA-2006-0543.html MISC:http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html URL:http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html MISC:oval:org.mitre.oval:def:9184 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184 MISC:spamassassin-spamd-command-execution(27008) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/27008
Assigning CNA
Red Hat, Inc.
Date Record Created
20060518	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060518)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)