Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:103 (spamassassin)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56952

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:103 (spamassassin)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to spamassassin
announced via advisory MDKSA-2006:103.

A flaw was discovered in the way that spamd processes the virtual POP
usernames passed to it. If running with the --vpopmail and --paranoid
flags, it is possible for a remote user with the ability to connect to
the spamd daemon to execute arbitrary commands as the user running
spamd.

By default, the Spamassassin packages do not start spamd with either
of these flags and this usage is uncommon.

The updated packages have been patched to correct this issue.

Affected: 10.2, 2006.0, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:103

Risk factor : High

CVSS Score:
5.1

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-2447
1016230
http://securitytracker.com/id?1016230
1016235
http://securitytracker.com/id?1016235
18290
http://www.securityfocus.com/bid/18290
2006-0034
http://www.trustix.org/errata/2006/0034/
20060607 rPSA-2006-0096-1 spamassassin
http://www.securityfocus.com/archive/1/436288/100/0/threaded
20430
http://secunia.com/advisories/20430
20443
http://secunia.com/advisories/20443
20482
http://secunia.com/advisories/20482
20531
http://secunia.com/advisories/20531
20566
http://secunia.com/advisories/20566
20692
http://secunia.com/advisories/20692
ADV-2006-2148
http://www.vupen.com/english/advisories/2006/2148
DSA-1090
http://www.debian.org/security/2006/dsa-1090
GLSA-200606-09
http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml
MDKSA-2006:103
http://www.mandriva.com/security/advisories?name=MDKSA-2006:103
RHSA-2006:0543
http://www.redhat.com/support/errata/RHSA-2006-0543.html
http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html
oval:org.mitre.oval:def:9184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184
spamassassin-spamd-command-execution(27008)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27008

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56952
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:103 (spamassassin)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to spamassassin announced via advisory MDKSA-2006:103. A flaw was discovered in the way that spamd processes the virtual POP usernames passed to it. If running with the --vpopmail and --paranoid flags, it is possible for a remote user with the ability to connect to the spamd daemon to execute arbitrary commands as the user running spamd. By default, the Spamassassin packages do not start spamd with either of these flags and this usage is uncommon. The updated packages have been patched to correct this issue. Affected: 10.2, 2006.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:103 Risk factor : High CVSS Score: 5.1
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2447 1016230 http://securitytracker.com/id?1016230 1016235 http://securitytracker.com/id?1016235 18290 http://www.securityfocus.com/bid/18290 2006-0034 http://www.trustix.org/errata/2006/0034/ 20060607 rPSA-2006-0096-1 spamassassin http://www.securityfocus.com/archive/1/436288/100/0/threaded 20430 http://secunia.com/advisories/20430 20443 http://secunia.com/advisories/20443 20482 http://secunia.com/advisories/20482 20531 http://secunia.com/advisories/20531 20566 http://secunia.com/advisories/20566 20692 http://secunia.com/advisories/20692 ADV-2006-2148 http://www.vupen.com/english/advisories/2006/2148 DSA-1090 http://www.debian.org/security/2006/dsa-1090 GLSA-200606-09 http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml MDKSA-2006:103 http://www.mandriva.com/security/advisories?name=MDKSA-2006:103 RHSA-2006:0543 http://www.redhat.com/support/errata/RHSA-2006-0543.html http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html oval:org.mitre.oval:def:9184 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184 spamassassin-spamd-command-execution(27008) https://exchange.xforce.ibmcloud.com/vulnerabilities/27008
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com