Mandrake Linux Security Advisory : spamassassin (MDKSA-2006:103)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A flaw was discovered in the way that spamd processes the virtual POP
usernames passed to it. If running with the --vpopmail and --paranoid
flags, it is possible for a remote user with the ability to connect to
the spamd daemon to execute arbitrary commands as the user running
spamd.

By default, the Spamassassin packages do not start spamd with either
of these flags and this usage is uncommon.

The updated packages have been patched to correct this issue.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 21718 (mandrake_MDKSA-2006-103.nasl)

Bugtraq ID:

CVE ID: CVE-2006-2447

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now