Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

SpamAssassin spamd vpopmail Username Command Injection



The remote host is vulnerable to an arbitrary 'command insertion' flaw.


The remote host is running SpamAssassin, an anti-spam software application that detects and blocks spam emails. Due to a content-parsing error, SpamAssassin can be tricked into executing arbitrary commands with the privileges of the SpamAssassin spamd process. Additionally, the remote version of SpamAssassin must be running with either '--vpopmail' or '--paranoid' enabled.


Upgrade or patch according to vendor recommendations.