CyberSec.Space Logo
CVEブラウザに戻る

CVE-2006-2447

MEDIUM
5.1
CVSS Severity Score
EPSS Score0.0410%
EPSS Percentile14.43th
Published2006年6月6日
Last Modified2026年4月16日

Vulnerability Description

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

Affected Platforms (CPE)

📦
Apache

Spamassassin

= 3.1.0
📦
Apache

Spamassassin

= 3.1.1
📦
Apache

Spamassassin

= 3.1.2

References & Advisories

🔗 http://secunia.com/advisories/20430
🔗 http://secunia.com/advisories/20443
🔗 http://secunia.com/advisories/20482
🔗 http://secunia.com/advisories/20531
🔗 http://secunia.com/advisories/20566
🔗 http://secunia.com/advisories/20692
🔗 http://securitytracker.com/id?1016230
🔗 http://securitytracker.com/id?1016235

関連する脆弱性情報

CVE-2020-19469.8

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any...

CVE-2018-117809.8

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.

CVE-2010-11329.3

The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote a...

CVE-2020-19318.1

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files c...