SpamAssassin spamd vpopmail user vulnerability

2006-06-09T00:00:00
ID SAINT:41DBC7F692C221579B07A845DD000FEA
Type saint
Reporter SAINT Corporation
Modified 2006-06-09T00:00:00

Description

Added: 06/09/2006
CVE: CVE-2006-2447
BID: 18290
OSVDB: 26177

Background

SpamAssassin identifies spam e-mail using a variety of local and network based tests. **spamd** is a component of SpamAssassin which allows it to run as a network daemon.

Problem

When the vpopmail (-v) and paranoid (-P) options are used with **spamd**, the user name specified by the client is included in a shell command without sufficient checking for invalid characters. This allows arbitrary command execution by remote attackers.

Resolution

Upgrade to SpamAssassin 3.1.3 or higher.

References

<http://www.securityfocus.com/archive/1/436288>

Limitations

This exploit will only succeed when run from an address which is explicitly allowed by **spamd**.