https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194290
Summary: CVE-2006-2447 spamassassin arbitrary command execution
Product: Fedora Core
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: spamassassin
AssignedTo: wtogami(a)redhat.com
ReportedBy: bressers(a)redhat.com
CC: fedora-perl-devel-list@redhat.com,felicity@kluge.net,jm(a)jmason.org,parkerm@pobox.com,reg+redhat(a)sidney.com,security-response-team@redhat.com,wtogami(a)redhat.com
+++ This bug was initially created as a clone of Bug #193865 +++
CVE-2006-2447 spamassassin arbitrary command execution
If spamd is run with the "-v" / "--vpopmail" switch, AND with the
"-P" / "--paranoid" switch, it becomes possible to execute arbitrary
commands as the user spamd is running as.
This issue is mitigated by the fact that no IMAP servers as shipped
with RHEL support vpopmail. These options are also not the default
spamd options when it is started as a service.
This issue should also affect FC4.
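An added example, not part of the original bug report or of SpamAssassin: a Python check that flags a spamd command line enabling both switches named in the report. It assumes spamd accepts bundled short options and that the value-taking options in TAKES_VALUE match the installed version; the function names and sample command lines are constructed for illustration.

```python
import shlex

# Assumption: short options that consume a value, taken from the spamd man
# page; adjust the set for the installed version.
TAKES_VALUE = set("pmurAsC")


def spamd_switches(argv):
    """Return the switches in a spamd argument list (bundling-aware)."""
    found, skip_next = set(), False
    for tok in argv:
        if skip_next:              # this token is the value of the previous option
            skip_next = False
        elif tok.startswith("--"):
            found.add(tok.split("=", 1)[0])
        elif tok.startswith("-") and len(tok) > 1:
            for i, ch in enumerate(tok[1:], start=1):
                found.add("-" + ch)
                if ch in TAKES_VALUE:
                    # The rest of the token is the value (-m5, -uvpopmail);
                    # if nothing is attached, the value is the next token.
                    skip_next = i == len(tok) - 1
                    break
    return found


def exposed(cmdline):
    """True when vpopmail and paranoid mode are both enabled."""
    sw = spamd_switches(shlex.split(cmdline)[1:])
    return bool(sw & {"-v", "--vpopmail"}) and bool(sw & {"-P", "--paranoid"})


# Constructed sample command lines, not taken from a real host.
SAMPLES = [
    "spamd -d -c -m5 -H",                # neither switch
    "spamd -d -v -u vpopmail",           # vpopmail only
    "spamd -dvP -u vpopmail",            # both, bundled
    "spamd --vpopmail --paranoid -m 5",  # both, long form
    "spamd -d -P -uvpopmail",            # paranoid only; "v" is inside a value
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("EXPOSED" if exposed(line) else "ok     ", line)
```

Feed it the arguments of the running spamd process or the options string from the service configuration; a hit means the host matches the precondition described in the report.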