SpamAssassin Remote Command Execution Vulnerability (Jun 06 2006 12:00AM ) http://www.securityfocus.com/bid/18290
http://spamassassin.apache.org/advisories/cve-2006-2447.txt 3.1.3 fixes a remote code execution vulnerability if spamd is run with the "--vpopmail" and "-P" options. If either/both of those options are not used, there is no vulnerability. There was also a fix for the userstate directory and prefs file not being created. <<TSL2.2>> # rpm -qa | grep spa perl-mail-spamassassin-3.0.4-3tr spamassassin-tools-3.0.4-3tr spamassassin-3.0.4-3tr _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
