SpamAssassin, when running with certain options, could allow local or even remote attackers to execute arbitrary commands, possibly as the root user.
| Package | mail-filter/spamassassin on all architectures |
| Affected versions | < 3.1.3 |
| Unaffected versions | >= 3.1.3 |
SpamAssassin is an extensible email filter used to identify junk email. spamd is the daemonized version of SpamAssassin.
When spamd is run with both the "--vpopmail" (-v) and "--paranoid" (-P) options, it is vulnerable to an unspecified issue.
With certain configuration options, a local or even remote attacker could execute arbitrary code with the rights of the user running spamd, which is root by default, by sending a crafted message to the spamd daemon. Furthermore, the attack can be performed remotely if the "--allowed-ips" (-A) option is present and specifies non-local addresses. Note that Gentoo Linux is not vulnerable in the default configuration.
Don't use both the "--paranoid" (-P) and the "--vpopmail" (-v) options.
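To audit a host for the option combination described above, the following added example (not part of the advisory or of SpamAssassin) classifies a spamd option string. The function names are hypothetical, the sample command lines are constructed, and it assumes each option is written as a separate word; it checks options only, not the installed version.

```shell
#!/bin/sh
# Added example: classify a spamd option string against the advisory's conditions.
# Assumption: options are separate words (no bundled short flags such as -vP).

# Prints "remote" if any allowed-ips entry is not a loopback address, else "local".
allowed_ips_scope() (
    set -f; IFS=,; scope=local
    for entry in $1; do
        case $entry in
            127.*|::1) ;;            # loopback entries
            *) scope=remote ;;       # anything else is treated as non-local
        esac
    done
    echo "$scope"
)

# Prints one of: not-affected, affected-local, affected-remote
check_spamd_opts() (
    set -f; vpopmail=0; paranoid=0; scope=local; expect_ips=0
    for word in $1; do
        if [ "$expect_ips" -eq 1 ]; then     # this word is the value of -A
            expect_ips=0
            case $(allowed_ips_scope "$word") in remote) scope=remote ;; esac
            continue
        fi
        case $word in
            -v|--vpopmail)    vpopmail=1 ;;
            -P|--paranoid)    paranoid=1 ;;
            -A|--allowed-ips) expect_ips=1 ;;
            --allowed-ips=*)
                case $(allowed_ips_scope "${word#*=}") in remote) scope=remote ;; esac ;;
        esac
    done
    if [ "$vpopmail" -eq 1 ] && [ "$paranoid" -eq 1 ]; then
        echo "affected-$scope"     # both options present: the workaround is not applied
    else
        echo "not-affected"
    fi
)

# Constructed sample option strings, not taken from a real host.
for opts in '-d -v -P' '-d -v -P -A 127.0.0.1,192.0.2.10' '-d -c -m5'; do
    printf '%-40s %s\n' "$opts" "$(check_spamd_opts "$opts")"
done
```

Pass the function the arguments of the running spamd process or the option string from its service configuration.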
All SpamAssassin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.1.3"
June 11, 2006
June 11, 2006: 01