26177 : SpamAssassin spamd vpopmail Username Command Injection
Printer | http://osvdb.org/26177 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
5	1573	almost 7 years ago	almost 3 years ago	7 times	90%

Timeline

Disclosure Date
2006-06-06

Description

SpamAssassin contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when sending shell commands in the User filed, resulting in a loss of confidentiality and integrity.

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Solution: Workaround, Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified
OSVDB: Security Software

Solution

Upgrade to version 3.1.3 or 3.0.6 as the vendor has released a patch to address this issue, or users may opt to apply the following workaround: do not use the vpopmail (-v) and paranoid (-p) modes together, or limit remote access using the allowed IPs (-A) switches.

Products

SpamAssassin		3.1.3 (not affected)
		3.0.6 (not affected)
		3.1.2
		3.0.5

References

Bugtraq ID: 18290
CVE ID: 2006-2447 (see also: NVD)
Secunia Advisory ID: 20430 20443 20482 20531 20566 20692
SCIP VulDB ID: 2299
Metasploit ID: 26177
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0056.html
Other Advisory URL: http://issues.rpath.com/browse/RPL-397
http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml
Generic Exploit URL: http://metasploit.com/dev/trac/browser/framework3/trunk/modules/exploits/unix/misc/spamassassin_exec.rb
http://www.saintcorporation.com
http://www.saintcorporation.com/cgi-bin/exploit_info/spamassassin_spamd_vpopmail
Vendor Specific Advisory URL: http://spamassassin.apache.org/advisories/cve-2006-2447.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:103
http://www.trustix.org/errata/2006/0034/
http://www.us.debian.org/security/2006/dsa-1090
Vendor Specific News/Changelog Entry: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=4926 [ Auth Req'd ]
RedHat RHSA: RHSA-2006:0543
Keyword: rPSA-2006-0096-1

Tools & Filters

Snort	16040
	21672 21673 21702 21718 22632 24118 24121 24361 25509 27449
	3640

Credit

Unknown or Incomplete

CVSSv2 Score

CVSSv2 Base Score = 5.1
Source: nvd.nist.gov | Generated: 2006-06-07 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.