5.1

CVE-2006-2447

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheSpamassassin Version3.1.0
ApacheSpamassassin Version3.1.1
ApacheSpamassassin Version3.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 74.7% 0.994
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/20531
Vendor Advisory
http://www.trustix.org/errata/2006/0034/
http://secunia.com/advisories/20430
Patch
Vendor Advisory
http://secunia.com/advisories/20443
Patch
Vendor Advisory
http://secunia.com/advisories/20482
Vendor Advisory
http://secunia.com/advisories/20566
Vendor Advisory
http://secunia.com/advisories/20692
Vendor Advisory
http://securitytracker.com/id?1016230
http://securitytracker.com/id?1016235
http://www.debian.org/security/2006/dsa-1090
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:103
http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html
Patch
http://www.redhat.com/support/errata/RHSA-2006-0543.html
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/436288/100/0/threaded
http://www.securityfocus.com/bid/18290
Patch
http://www.vupen.com/english/advisories/2006/2148
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184