Mandrake Linux Security Advisory : spamassassin (MDKSA-2006:103)

2006-06-16T00:00:00
ID MANDRAKE_MDKSA-2006-103.NASL
Type nessus
Reporter Tenable
Modified 2018-07-19T00:00:00

Description

A flaw was discovered in the way that spamd processes the virtual POP usernames passed to it. If running with the --vpopmail and --paranoid flags, it is possible for a remote user with the ability to connect to the spamd daemon to execute arbitrary commands as the user running spamd.

By default, the Spamassassin packages do not start spamd with either of these flags and this usage is uncommon.

The updated packages have been patched to correct this issue.

                                        
                                            #%NASL_MIN_LEVEL 70103

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2006:103. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(21718);
  script_version ("1.15");
  script_cvs_date("Date: 2018/07/19 20:59:14");

  script_cve_id("CVE-2006-2447");
  script_xref(name:"MDKSA", value:"2006:103");

  script_name(english:"Mandrake Linux Security Advisory : spamassassin (MDKSA-2006:103)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A flaw was discovered in the way that spamd processes the virtual POP
usernames passed to it. If running with the --vpopmail and --paranoid
flags, it is possible for a remote user with the ability to connect to
the spamd daemon to execute arbitrary commands as the user running
spamd.

By default, the Spamassassin packages do not start spamd with either
of these flags and this usage is uncommon.

The updated packages have been patched to correct this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'SpamAssassin spamd Remote Command Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-Mail-SpamAssassin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:spamassassin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:spamassassin-spamc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:spamassassin-spamd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:spamassassin-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/06/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.2", reference:"perl-Mail-SpamAssassin-3.0.4-0.3.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"spamassassin-3.0.4-0.3.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"spamassassin-spamc-3.0.4-0.3.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"spamassassin-spamd-3.0.4-0.3.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"spamassassin-tools-3.0.4-0.3.102mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2006.0", reference:"perl-Mail-SpamAssassin-3.0.4-3.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"spamassassin-3.0.4-3.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"spamassassin-spamc-3.0.4-3.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"spamassassin-spamd-3.0.4-3.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"spamassassin-tools-3.0.4-3.3.20060mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");