Mandrake Linux Security Advisory : spamassassin (MDKSA-2007:125)
Low Nessus Plugin ID 25537
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionSpamAssassin 3.1.x, when running as root with unusual configuration options using vpopmail or virtual users, could allow local users to cause a denial of service (via corrupting arbitrary files) using a symlink attack on a file used by spamd.
SpamAssassin 3.1.9, which corrects this flaw, is provided with this update.
SolutionUpdate the affected packages.