SpamAssassin spamd vpopmail Username Command Injection
Medium Nessus Network Monitor Plugin ID 3640
Synopsis
The remote host is vulnerable to an arbitrary 'command insertion' flaw.
Description
The remote host is running SpamAssassin, an anti-spam software application that detects and blocks spam emails. Due to a content-parsing error, SpamAssassin can be tricked into executing arbitrary commands with the privileges of the SpamAssassin spamd process. For the flaw to be exploitable, the remote SpamAssassin must be running with either '--vpopmail' or '--paranoid' enabled.
Solution
Upgrade or patch according to vendor recommendations.