CyberSec.Space Logo
Back to CVE Browser

CVE-2006-2447

MEDIUM
5.1
CVSS Severity Score
EPSS Score0.0410%
EPSS Percentile14.43th
PublishedJun 6, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

Affected Platforms (CPE)

πŸ“¦
Apache

Spamassassin

= 3.1.0
πŸ“¦
Apache

Spamassassin

= 3.1.1
πŸ“¦
Apache

Spamassassin

= 3.1.2

References & Advisories

πŸ”— http://secunia.com/advisories/20430
πŸ”— http://secunia.com/advisories/20443
πŸ”— http://secunia.com/advisories/20482
πŸ”— http://secunia.com/advisories/20531
πŸ”— http://secunia.com/advisories/20566
πŸ”— http://secunia.com/advisories/20692
πŸ”— http://securitytracker.com/id?1016230
πŸ”— http://securitytracker.com/id?1016235

Related Vulnerabilities

CVE-2020-19469.8

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any...

CVE-2018-117809.8

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.

CVE-2010-11329.3

The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote a...

CVE-2020-19318.1

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files c...