Jump to content

Advisories (MDKSA-2006:103 ): spamassassin


Recommended Posts

Mandriva Advisories MDKSA-2006:103 : spamassassin


Updated spamassassin packages fix vulnerability

June 14th, 2006


A flaw was discovered in the way that spamd processes the virtual POP


usernames passed to it.If running with the --vpopmail and --paranoid


flags, it is possible for a remote user with the ability to connect to


the spamd daemon to execute arbitrary commands as the user running






By default, the Spamassassin packages do not start spamd with either


of these flags and this usage is uncommon.




The updated packages have been patched to correct this issue.



The released versions of Mandriva GNU/Linux affected are:

  • CS3.0
  • 10.2
  • 2006.0

Full information about this advisory, including the updated packages, is available at:



Other references:



Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)

Link to comment
Share on other sites


  • Create New...