- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-200606-09 (SpamAssassin: Execution of arbitrary code)
When spamd is run with both the '--vpopmail' (-v) and '--paranoid' (-P) options, it is vulnerable to an unspecified issue.
Impact :
With certain configuration options, a local or even remote attacker could execute arbitrary code with the rights of the user running spamd, which is root by default, by sending a crafted message to the spamd daemon. Furthermore, the attack can be performed remotely if the '--allowed-ips' (-A) option is present and specifies non-local addresses. Note that Gentoo Linux is not vulnerable in the default configuration.
Workaround :
Don't use both the '--paranoid' (-P) and the '--vpopmail' (-v) options.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |