SpamAssassin spamd vpopmail user vulnerability

Added: 06/09/2006
CVE: CVE-2006-2447
BID: 18290
OSVDB: 26177

Background

SpamAssassin identifies spam e-mail using a variety of local and network based tests. spamd is a component of SpamAssassin which allows it to run as a network daemon.

Problem

When the vpopmail (-v) and paranoid (-P) options are used with spamd, the user name specified by the client is included in a shell command without sufficient checking for invalid characters. This allows arbitrary command execution by remote attackers.

Resolution

Upgrade to SpamAssassin 3.1.3 or higher.

References

http://www.securityfocus.com/archive/1/436288

Limitations

This exploit will only succeed when run from an address which is explicitly allowed by spamd.
Back to exploit index