Executive Summary
| Summary | |
|---|---|
| Title | spamassassin security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2006:0543 | First vendor Publication | 2006-06-06 |
| Vendor | RedHat | Last vendor Modification | 2006-06-06 |
| Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5.1 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated spamassassin packages that fix an arbitrary code execution flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: SpamAssassin provides a way to reduce unsolicited commercial email (SPAM) from incoming email. A flaw was found with the way the Spamassassin spamd daemon processes the virtual pop username passed to it. If a site is running spamd with both the - --vpopmail and --paranoid flags, it is possible for a remote user with the ability to connect to the spamd daemon to execute arbitrary commands as the user running the spamd daemon. (CVE-2006-2447) Note: None of the IMAP or POP servers shipped with Red Hat Enterprise Linux 4 support vpopmail delivery. Running spamd with the --vpopmail and - --paranoid flags is uncommon and not the default startup option as shipped with Red Hat Enterprise Linux 4. Spamassassin, as shipped in Red Hat Enterprise Linux 4, performs RBL lookups against visi.com to help determine if an email is spam. However, this DNS RBL has recently disappeared, resulting in mail filtering delays and timeouts. Users of SpamAssassin should upgrade to these updated packages containing version 3.0.6 and backported patches, which are not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 178580 - /etc/sysconfig/spamassasin loses file context and timestamp 191033 - spamassassin looks up broken NS domain (visi.com) 193865 - CVE-2006-2447 spamassassin arbitrary command execution |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2006-0543.html |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:9184 | |||
| Oval ID: | oval:org.mitre.oval:def:9184 | ||
| Title: | SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username. | ||
| Description: | SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-2447 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
SAINT Exploits
| Description | Link |
|---|---|
| SpamAssassin spamd vpopmail user vulnerability | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-04-30 | SpamAssassin spamd Remote Command Execution |
| 2006-06-06 | SpamAssassin spamd <= 3.1.3 Command Injection |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for SpamAssassin File : nvt/sles9p5012105.nasl |
| 2009-02-27 | Name : Fedora Update for spamassassin FEDORA-2007-242 File : nvt/gb_fedora_2007_242_spamassassin_fc5.nasl |
| 2009-02-27 | Name : Fedora Update for spamassassin FEDORA-2007-584 File : nvt/gb_fedora_2007_584_spamassassin_fc5.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200606-09 (Spamassassin) File : nvt/glsa_200606_09.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1090-1 (spamassassin) File : nvt/deb_1090_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 26177 | SpamAssassin spamd vpopmail Username Command Injection SpamAssassin contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when sending shell commands in the User filed, resulting in a loss of confidentiality and integrity. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | SpamAssassin spamd vpopmail and paranoid options code execution attempt RuleID : 16040 - Revision : 6 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_spamassassin-1904.nasl - Type : ACT_GATHER_INFO |
| 2007-06-14 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-584.nasl - Type : ACT_GATHER_INFO |
| 2007-02-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-242.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-598.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-658.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1090.nasl - Type : ACT_GATHER_INFO |
| 2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0543.nasl - Type : ACT_GATHER_INFO |
| 2006-06-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200606-09.nasl - Type : ACT_GATHER_INFO |
| 2006-06-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-103.nasl - Type : ACT_GATHER_INFO |
| 2006-06-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0543.nasl - Type : ACT_GATHER_INFO |
| 2006-06-08 | Name : The remote server allows execution of arbitrary commands. File : spamd_vpopmail_cmd_exec.nasl - Type : ACT_ATTACK |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:50:04 |
|
