CVE-2007-2873

2007-06-1123:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

spamassassin

cve-2007-2873

denial of service

symlink attack

nvd

6.1 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.

CPENameOperatorVersion
spamassassin:spamassassinspamassassineq3.1.1
spamassassin:spamassassinspamassassineq3.1.5
spamassassin:spamassassinspamassassineq3.1.8
spamassassin:spamassassinspamassassineq3.1.7
spamassassin:spamassassinspamassassineq3.1.4
spamassassin:spamassassinspamassassineq3.1.3
spamassassin:spamassassinspamassassineq3.2.1
spamassassin:spamassassinspamassassineq3.1.6
spamassassin:spamassassinspamassassineq3.1.9
spamassassin:spamassassinspamassassineq3.2.0

CPE	Name	Operator	Version
spamassassin:spamassassin	spamassassin	eq	3.1.1
spamassassin:spamassassin	spamassassin	eq	3.1.5
spamassassin:spamassassin	spamassassin	eq	3.1.8
spamassassin:spamassassin	spamassassin	eq	3.1.7
spamassassin:spamassassin	spamassassin	eq	3.1.4
spamassassin:spamassassin	spamassassin	eq	3.1.3
spamassassin:spamassassin	spamassassin	eq	3.2.1
spamassassin:spamassassin	spamassassin	eq	3.1.6
spamassassin:spamassassin	spamassassin	eq	3.1.9
spamassassin:spamassassin	spamassassin	eq	3.2.0