CVE-2006-2447
published 2006-06-06CVE-2006-2447: SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message…
medium5.1CVSS 3.1
AVNACHAuNCPIPAP
EXPLOIT
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | spamassassin | — | — |
| apache | spamassassin | — | — |
| apache | spamassassin | — | — |
| apache | spamassassin | >= 0 < 3.1.3-1 | 3.1.3-1 |
| apache | spamassassin | >= 0 < 3.1.3-1 | 3.1.3-1 |
| apache | spamassassin | >= 0 < 3.1.3-1 | 3.1.3-1 |
| apache | spamassassin | >= 0 < 3.1.3-1 | 3.1.3-1 |
| debian | spamassassin | < spamassassin 3.1.3-1 (bookworm) | spamassassin 3.1.3-1 (bookworm) |
CVSS provenance
nvd5.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
osv5.1MEDIUM