SpamAssassin, when running with certain options, could allow local or even remote attackers to execute arbitrary commands, possibly as the root user.
Package | mail-filter/spamassassin on all architectures |
---|---|
Affected versions | < 3.1.3 |
Unaffected versions | >= 3.1.3 |
SpamAssassin is an extensible email filter used to identify junk email. spamd is the daemonized version of SpamAssassin.
When spamd is run with both the "--vpopmail" (-v) and "--paranoid" (-P) options, it is vulnerable to an unspecified issue.
With certain configuration options, a local or even remote attacker could execute arbitrary code with the rights of the user running spamd, which is root by default, by sending a crafted message to the spamd daemon. Furthermore, the attack can be remotely performed if the "--allowed-ips" (-A) option is present and specifies non-local adresses. Note that Gentoo Linux is not vulnerable in the default configuration.
Don't use both the "--paranoid" (-P) and the "--vpopmail" (-v) options.
All SpamAssassin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.1.3"
Release date
June 11, 2006
Latest revision
June 11, 2006: 01
Severity
high
Exploitable
remote
Bugzilla entries