[Bug 194290] New: CVE-2006-2447 spamassassin arbitrary command execution
bugzilla at redhat.com
Tue Jun 6 21:23:45 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194290
Summary: CVE-2006-2447 spamassassin arbitrary command execution
Product: Fedora Core
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: spamassassin
AssignedTo: wtogami at redhat.com
ReportedBy: bressers at redhat.com
CC: fedora-perl-devel-list at redhat.com,felicity at kluge.net,jm at jmason.org,parkerm@pobox.com,reg+redhat at sidney.com,security-response-team at redhat.com,wtogami at redhat.com
+++ This bug was initially created as a clone of Bug #193865 +++
CVE-2006-2447 spamassassin arbitrary command execution
If spamd is run with the "-v" / "--vpopmail" switch, AND with the "-P" / "--paranoid" switch, it becomes possible to execute arbitrary commands as the user spamd is running as.
This issue is mitigated by the fact that no IMAP servers as shipped
with RHEL support vpopmail. These options are also not the default
spamd options when it is started as a service.
This issue should also affect FC4.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
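
The report ties exposure to spamd running with both the vpopmail and paranoid switches. The following check is an added example, not part of the bug report or of SpamAssassin: it tests a spamd option list for that combination, including bundled short flags such as `-dvP`. The function name, the `VALUE_OPTS` list of value-taking short options and the sample option strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether a spamd option list enables both
# vpopmail (-v / --vpopmail) and paranoid (-P / --paranoid) mode.

# Assumption: short options that take a value. Text following one of these
# inside a bundled word (the 5 in -m5) is a value, not more flags.
# Check this list against the usage text of your spamd version.
VALUE_OPTS="ACgimprsu"

# Usage: spamd_opts_risky OPTION...
# Returns 0 when both switches are present, 1 otherwise.
# Abbreviated long options are not recognised.
spamd_opts_risky() {
    seen_v=0
    seen_p=0
    for word in "$@"; do
        case $word in
            --vpopmail) seen_v=1 ;;
            --paranoid) seen_p=1 ;;
            --*) ;;                          # other long options
            -?*)
                rest=${word#-}
                while [ -n "$rest" ]; do     # walk the bundle one letter at a time
                    tail=${rest#?}
                    ch=${rest%"$tail"}
                    rest=$tail
                    case $ch in
                        v) seen_v=1 ;;
                        P) seen_p=1 ;;
                        *) case $VALUE_OPTS in *"$ch"*) break ;; esac ;;
                    esac
                done
                ;;
        esac
    done
    [ "$seen_v" -eq 1 ] && [ "$seen_p" -eq 1 ]
}

# Constructed sample option strings (not taken from any real host).
for opts in "-d -c -m5 -H" "-d -v -P" "-dvP -m5" "--vpopmail --paranoid"; do
    # Word splitting of $opts is intended here.
    if spamd_opts_risky $opts; then
        echo "RISKY: spamd $opts"
    else
        echo "ok:    spamd $opts"
    fi
done
```

Pass the options exactly as spamd receives them, one word per argument; a match means both switches named in the report are active together.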