CVE-2006-2447
Published: 6 June 2006
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
Priority
Status
Package | Release | Status |
---|---|---|
spamassassin Launchpad, Ubuntu, Debian |
dapper |
Released
(3.1.0a-2ubuntu1.1)
|
edgy |
Released
(3.1.4-1ubuntu1)
|
|
feisty |
Released
(3.1.4-1ubuntu1)
|
|
upstream |
Needs triage
|