SpamAssassin: Execution of arbitrary code

SpamAssassin, when running with certain options, could allow local or even remote attackers to execute arbitrary commands, possibly as the root user.

Package: mail-filter/spamassassin
Announced: 2006-06-11
Revised: 2006-06-11
Bug: 135746
Access: remote
Fixed in: 3.1.3 (earlier versions affected)

SpamAssassin is an extensible email filter used to identify junk email. spamd is the daemonized version of SpamAssassin.

When spamd is run with both the "--vpopmail" (-v) and "--paranoid" (-P) options, it is vulnerable to an issue whose details are not disclosed in this advisory (tracked as CVE-2006-2447).

With those options set, a local or even remote attacker could execute arbitrary code with the privileges of the user running spamd, which is root by default, by sending a crafted message to the spamd daemon. The attack can be carried out remotely if the "--allowed-ips" (-A) option is present and lists non-local addresses; without it, spamd only accepts connections from localhost. Note that Gentoo Linux is not vulnerable in the default configuration.

As a workaround, do not run spamd with both the "--paranoid" (-P) and the "--vpopmail" (-v) options.

All SpamAssassin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.1.3"
References: CVE-2006-2447

Advisory handled by: falco