CVE-2007-2873

2007-06-1123:30:00

Debian Security Bug Tracker

security-tracker.debian.org

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.

OSVersionArchitecturePackageVersionFilename
Debian12allspamassassin< 3.2.1-1spamassassin_3.2.1-1_all.deb
Debian11allspamassassin< 3.2.1-1spamassassin_3.2.1-1_all.deb
Debian10allspamassassin< 3.2.1-1spamassassin_3.2.1-1_all.deb
Debian999allspamassassin< 3.2.1-1spamassassin_3.2.1-1_all.deb
Debian13allspamassassin< 3.2.1-1spamassassin_3.2.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	spamassassin	< 3.2.1-1	spamassassin_3.2.1-1_all.deb
Debian	11	all	spamassassin	< 3.2.1-1	spamassassin_3.2.1-1_all.deb
Debian	10	all	spamassassin	< 3.2.1-1	spamassassin_3.2.1-1_all.deb
Debian	999	all	spamassassin	< 3.2.1-1	spamassassin_3.2.1-1_all.deb
Debian	13	all	spamassassin	< 3.2.1-1	spamassassin_3.2.1-1_all.deb