SpamAssassin spamd Crafted Message Arbitrary Command Execution

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.

Synopsis :

The remote server allows execution of arbitrary commands.

Description :

The remote host is running spamd, a daemon belonging to SpamAssassin
and used to determine whether messages represent spam.

The installed version of spamd on the remote host appears to allow an
unauthenticated user to execute arbitrary commands, subject to the
privileges of the user under which it operates.

Solution :

Upgrade to SpamAssassin 3.0.6 / 3.1.3 or later.

Risk factor :

Medium / CVSS Base Score : 5.1
CVSS Temporal Score : 4.0
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 21673

Bugtraq ID: 18290

CVE ID: CVE-2006-2447
