TITLE:
SpamAssassin "spamd" Shell Command Injection Vulnerability
SECUNIA ADVISORY ID:
SA20430
VERIFY ADVISORY:
http://secunia.com/advisories/20430/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From local network
SOFTWARE:
SpamAssassin 3.x
http://secunia.com/product/4506/
DESCRIPTION:
A vulnerability has been reported in SpamAssassin, which can be
exploited by malicious people to compromise a vulnerable system.

Some unspecified input is not properly sanitised before being used.
This can be exploited to inject arbitrary shell commands.

Successful exploitation requires that spamd is used with the
"--vpopmail" and "--paranoid" switches.

The vulnerability has been reported in version 3.0.3. Other versions
may also be affected.
SOLUTION:
Update to version 3.0.6 or 3.1.3.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
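
A triage check for the two conditions in the advisory (both switches present, version below a fixed release), added here as an example and not part of the Secunia advisory. The function names, verdict words and sample command line are constructed; treating 3.0.x as fixed from 3.0.6 and 3.1.x as fixed from 3.1.3 is an assumption drawn from the SOLUTION line, and -v and -P are spamd's short forms of the two switches.

```shell
#!/bin/sh
# Added example: triage one spamd instance against the advisory's conditions.

# uses_both_switches "<spamd command line>"
# Succeeds when both switches named in the advisory are present.
# Bundled short options such as -dvP are not parsed and need manual review.
uses_both_switches() {
    line=" $1 "
    case "$line" in *" --vpopmail "*|*" -v "*) ;; *) return 1 ;; esac
    case "$line" in *" --paranoid "*|*" -P "*) ;; *) return 1 ;; esac
    return 0
}

# branch_status "<version>" prints fixed, unfixed or unknown.
# Assumption: 3.0.x is fixed from 3.0.6 and 3.1.x from 3.1.3; any other
# branch is reported as unknown ("Other versions may also be affected").
branch_status() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case "$rest" in *.*) patch=${rest#*.} ;; *) patch=0 ;; esac
    patch=${patch%%[!0-9]*}          # drop suffixes such as -rc1
    case "$major.$minor" in
        3.0) fixed_at=6 ;;
        3.1) fixed_at=3 ;;
        *) echo unknown; return ;;
    esac
    if [ "${patch:-0}" -ge "$fixed_at" ]; then echo fixed; else echo unfixed; fi
}

# triage "<version>" "<command line>" prints one verdict word.
triage() {
    if ! uses_both_switches "$2"; then echo switches-absent; return; fi
    case "$(branch_status "$1")" in
        fixed)   echo patched ;;
        unfixed) echo exposed ;;
        *)       echo review ;;
    esac
}

# Constructed sample; on Linux the live command line can be read with:
#   tr '\0' ' ' < /proc/<pid>/cmdline
triage 3.0.3 "/usr/bin/spamd -d --vpopmail --paranoid -u vpopmail"
```

A "switches-absent" verdict only means the stated exploitation precondition is not met by that command line; the update in the SOLUTION section still applies.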