16 matches found
SpamAssassin spamd Remote Command Execution
No description provided by source. $Id: spamassassinexec.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
SpamAssassin spamd <= 3.1.3 - Command Injection
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
CVE-2006-2447
creationtimestamp| type| source ---|---|--- 2010-04-30 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16920 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/misc/spamassassinexec.rb 2025-02-06 03:13:38+00:00| seen|...
SpamAssassin spamd - Remote Command Execution (Metasploit)
$Id: spamassassinexec.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
SpamAssassin spamd Remote Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'SpamAssassin...
SLES9: Security update for SpamAssassin
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: perl-spamassassin spamassassin For more information, please visit the referenced security advisories. More details may also be found by searching for keyword...
Fedora Update for spamassassin FEDORA-2007-242
Check for the Version of spamassassin OpenVAS Vulnerability Test Fedora Update for spamassassin FEDORA-2007-242 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
SpamAssassin spamd Remote Command Execution
This module exploits a flaw in the SpamAssassin spamd service by specifying a malicious vpopmail User header, when running with vpopmail and paranoid modes enabled non-default. Versions prior to v3.1.3 are vulnerable This module requires Metasploit: https://metasploit.com/download Current source:...
openSUSE 10 Security Update : spamassassin (spamassassin-1904)
This update fixes the following security problem in SpamAssassin : - CVE-2006-2447: SpamAssassin when running with vpopmail and the paranoid -P switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop...
Fedora Core 5 : spamassassin-3.1.9-1.fc5.1 (2007-584)
Local symlink vulnerability. Fedora is not vulnerable in any default or common configurations. Read upstream's announcement for details. http://spamassassin.apache.org/advisories/CVE-2007-2873.txt Note that Tenable Network Security has extracted the preceding description block directly from the...
Fedora Core 5 : spamassassin-3.1.8-1.fc5 (2007-242)
This upgrades to version 3.1.8, which fixes some bugs and CVE-2007-0451 Malformed HTML Denial of Service. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much...
Fedora Core 5 : spamassassin-3.1.3-1.fc5 (2006-598)
3.1.3 Resolves CVE-2006-2447. Note that you are affected by this bug only if you launched spamd with both --vpopmail and --paranoid, which is not a common configuration. Also included are bug fixes from 3.1.2. Note that Tenable Network Security has extracted the preceding description block direct...
SpamAssassin spamd vpopmail user vulnerability
Added: 06/09/2006 CVE: CVE-2006-2447 BID: 18290 OSVDB: 26177 Background SpamAssassin identifies spam e-mail using a variety of local and network based tests. spamd is a component of SpamAssassin which allows it to run as a network daemon. Problem When the vpopmail -v and paranoid -P options are...
RHEL 4 : spamassassin (RHSA-2006:0543)
Updated spamassassin packages that fix an arbitrary code execution flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SpamAssassin provides a way to reduce unsolicited commercial email SPAM from incoming email. A flaw was...
CVE-2006-2447
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid -P switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username...
CVE-2006-2447
CVE-2006-2447 affects SpamAssassin spamd prior to 3.1.3 when run with vpopmail (--vpopmail) and paranoid (--paranoid) options. A crafted message sent to the spamd daemon can cause remote execution of arbitrary commands in the spamd process’ user context. Public references describe multiple adviso...