aru Posted June 16, 2006 Report Share Posted June 16, 2006 Mandriva Advisories MDKSA-2006:103 : spamassassin Updated spamassassin packages fix vulnerability June 14th, 2006 A flaw was discovered in the way that spamd processes the virtual POP usernames passed to it.If running with the --vpopmail and --paranoid flags, it is possible for a remote user with the ability to connect to the spamd daemon to execute arbitrary commands as the user running spamd. By default, the Spamassassin packages do not start spamd with either of these flags and this usage is uncommon. The updated packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: CS3.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:103 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2447 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $) Link to comment Share on other sites More sharing options...
Recommended Posts