openSUSE 10 Security Update : spamassassin (spamassassin-1904)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update fixes the following security problem in SpamAssassin :

- CVE-2006-2447: SpamAssassin when running with vpopmail
and the paranoid (-P) switch, allows remote attackers to
execute arbitrary commands via a crafted message that is
not properly handled when invoking spamd with the
virtual pop username.

At the same time we upgraded SpamAssassin to version 3.1.3, bringing
lots of bug fixes and new rules.

Please make sure you verify that it still works with your
configuration.

Also included is now 'sa-update', a rule update script. For this
script to work make sure that the perl-IO-ZLib and perl-libwww-perl
packages are installed.

Solution :

Update the affected spamassassin packages.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 27449 ()

Bugtraq ID:

CVE ID: CVE-2006-2447

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now