Mandrake Linux Security Advisory : spamassassin (MDKSA-2007:125)

Low Nessus Plugin ID 25537


The remote Mandrake Linux host is missing one or more security updates.


SpamAssassin 3.1.x, when running as root with unusual configuration options using vpopmail or virtual users, could allow local users to cause a denial of service (via corrupting arbitrary files) using a symlink attack on a file used by spamd.

SpamAssassin 3.1.9, which corrects this flaw, is provided with this update.


Update the affected packages.

See Also

Plugin Details

Severity: Low

ID: 25537

File Name: mandrake_MDKSA-2007-125.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2007/06/18

Modified: 2013/06/01

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:perl-Mail-SpamAssassin, p-cpe:/a:mandriva:linux:spamassassin, p-cpe:/a:mandriva:linux:spamassassin-spamc, p-cpe:/a:mandriva:linux:spamassassin-spamd, p-cpe:/a:mandriva:linux:spamassassin-tools, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2007/06/14

Reference Information

CVE: CVE-2007-2873

MDKSA: 2007:125