Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2006-2447 (GCVE-0-2006-2447)
Vulnerability from cvelistv5 – Published: 2006-06-06 21:00 – Updated: 2024-08-07 17:51
VLAI
EPSS
Summary
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2006-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20482"
},
{
"name": "20060607 rPSA-2006-0096-1 spamassassin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436288/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:9184",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184"
},
{
"name": "2006-0034",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0034/"
},
{
"name": "GLSA-200606-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml"
},
{
"name": "20692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20692"
},
{
"name": "20566",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20566"
},
{
"name": "18290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18290"
},
{
"name": "20430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20430"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html"
},
{
"name": "RHSA-2006:0543",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0543.html"
},
{
"name": "ADV-2006-2148",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2148"
},
{
"name": "20531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20531"
},
{
"name": "1016230",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016230"
},
{
"name": "DSA-1090",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1090"
},
{
"name": "spamassassin-spamd-command-execution(27008)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008"
},
{
"name": "20443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20443"
},
{
"name": "1016235",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016235"
},
{
"name": "MDKSA-2006:103",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20482"
},
{
"name": "20060607 rPSA-2006-0096-1 spamassassin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436288/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:9184",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184"
},
{
"name": "2006-0034",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0034/"
},
{
"name": "GLSA-200606-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml"
},
{
"name": "20692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20692"
},
{
"name": "20566",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20566"
},
{
"name": "18290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18290"
},
{
"name": "20430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20430"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html"
},
{
"name": "RHSA-2006:0543",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0543.html"
},
{
"name": "ADV-2006-2148",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2148"
},
{
"name": "20531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20531"
},
{
"name": "1016230",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016230"
},
{
"name": "DSA-1090",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1090"
},
{
"name": "spamassassin-spamd-command-execution(27008)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008"
},
{
"name": "20443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20443"
},
{
"name": "1016235",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016235"
},
{
"name": "MDKSA-2006:103",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-2447",
"datePublished": "2006-06-06T21:00:00.000Z",
"dateReserved": "2006-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2006-2447",
"date": "2026-06-03",
"epss": "0.75795",
"percentile": "0.98928"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:spamassassin:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3ED86528-F90B-45FA-B21F-8D572C77A4F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:spamassassin:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70CC8292-C195-4966-B980-FF0D9A10053D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:spamassassin:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"547BE8A6-DAF3-40CE-BCD0-692250F9121B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.\"}]",
"id": "CVE-2006-2447",
"lastModified": "2024-11-21T00:11:20.440",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2006-06-06T21:06:00.000",
"references": "[{\"url\": \"http://secunia.com/advisories/20430\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20443\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20482\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20531\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20566\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20692\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016230\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://securitytracker.com/id?1016235\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1090\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:103\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0543.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/436288/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/18290\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.trustix.org/errata/2006/0034/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2148\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27008\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/20430\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20443\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20482\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20531\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20566\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20692\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016230\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016235\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1090\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:103\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0543.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/436288/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/18290\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.trustix.org/errata/2006/0034/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2148\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27008\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2006-2447\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2006-06-06T21:06:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:spamassassin:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ED86528-F90B-45FA-B21F-8D572C77A4F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:spamassassin:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70CC8292-C195-4966-B980-FF0D9A10053D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:spamassassin:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"547BE8A6-DAF3-40CE-BCD0-692250F9121B\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/20430\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20443\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20482\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20531\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20566\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20692\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016230\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securitytracker.com/id?1016235\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1090\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:103\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0543.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/436288/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/18290\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.trustix.org/errata/2006/0034/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2148\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27008\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/20430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20482\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20531\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20566\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20692\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016230\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1090\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0543.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/436288/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.trustix.org/errata/2006/0034/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2148\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
FKIE_CVE-2006-2447
Vulnerability from fkie_nvd - Published: 2006-06-06 21:06 - Updated: 2026-04-16 00:27
Severity
Summary
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | spamassassin | 3.1.0 | |
| apache | spamassassin | 3.1.1 | |
| apache | spamassassin | 3.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED86528-F90B-45FA-B21F-8D572C77A4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70CC8292-C195-4966-B980-FF0D9A10053D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "547BE8A6-DAF3-40CE-BCD0-692250F9121B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username."
}
],
"id": "CVE-2006-2447",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-06T21:06:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20430"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20443"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20482"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20531"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20566"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20692"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1016230"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1016235"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1090"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0543.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/436288/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18290"
},
{
"source": "secalert@redhat.com",
"url": "http://www.trustix.org/errata/2006/0034/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2148"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0543.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/436288/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0034/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-XJ48-9VRG-VXXC
Vulnerability from github – Published: 2022-05-01 06:59 – Updated: 2025-04-03 04:34
VLAI
Details
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
{
"affected": [],
"aliases": [
"CVE-2006-2447"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2006-06-06T21:06:00Z",
"severity": "MODERATE"
},
"details": "SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.",
"id": "GHSA-xj48-9vrg-vxxc",
"modified": "2025-04-03T04:34:06Z",
"published": "2022-05-01T06:59:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2447"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/20430"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/20443"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/20482"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/20531"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/20566"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/20692"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1016230"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1016235"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2006/dsa-1090"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103"
},
{
"type": "WEB",
"url": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0543.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/436288/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/18290"
},
{
"type": "WEB",
"url": "http://www.trustix.org/errata/2006/0034"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2006/2148"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2006-2447
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2006-2447",
"description": "SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.",
"id": "GSD-2006-2447",
"references": [
"https://www.suse.com/security/cve/CVE-2006-2447.html",
"https://www.debian.org/security/2006/dsa-1090",
"https://access.redhat.com/errata/RHSA-2006:0543",
"https://packetstormsecurity.com/files/cve/CVE-2006-2447"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2006-2447"
],
"details": "SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.",
"id": "GSD-2006-2447",
"modified": "2023-12-13T01:19:53.295095Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-2447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/advisories/20430",
"refsource": "MISC",
"url": "http://secunia.com/advisories/20430"
},
{
"name": "http://secunia.com/advisories/20443",
"refsource": "MISC",
"url": "http://secunia.com/advisories/20443"
},
{
"name": "http://secunia.com/advisories/20482",
"refsource": "MISC",
"url": "http://secunia.com/advisories/20482"
},
{
"name": "http://secunia.com/advisories/20531",
"refsource": "MISC",
"url": "http://secunia.com/advisories/20531"
},
{
"name": "http://secunia.com/advisories/20566",
"refsource": "MISC",
"url": "http://secunia.com/advisories/20566"
},
{
"name": "http://secunia.com/advisories/20692",
"refsource": "MISC",
"url": "http://secunia.com/advisories/20692"
},
{
"name": "http://securitytracker.com/id?1016230",
"refsource": "MISC",
"url": "http://securitytracker.com/id?1016230"
},
{
"name": "http://securitytracker.com/id?1016235",
"refsource": "MISC",
"url": "http://securitytracker.com/id?1016235"
},
{
"name": "http://www.debian.org/security/2006/dsa-1090",
"refsource": "MISC",
"url": "http://www.debian.org/security/2006/dsa-1090"
},
{
"name": "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml",
"refsource": "MISC",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml"
},
{
"name": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103",
"refsource": "MISC",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103"
},
{
"name": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html",
"refsource": "MISC",
"url": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html"
},
{
"name": "http://www.redhat.com/support/errata/RHSA-2006-0543.html",
"refsource": "MISC",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0543.html"
},
{
"name": "http://www.securityfocus.com/archive/1/436288/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/436288/100/0/threaded"
},
{
"name": "http://www.securityfocus.com/bid/18290",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/18290"
},
{
"name": "http://www.trustix.org/errata/2006/0034/",
"refsource": "MISC",
"url": "http://www.trustix.org/errata/2006/0034/"
},
{
"name": "http://www.vupen.com/english/advisories/2006/2148",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2006/2148"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008"
},
{
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184",
"refsource": "MISC",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:spamassassin:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:spamassassin:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:spamassassin:3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-2447"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html"
},
{
"name": "DSA-1090",
"refsource": "DEBIAN",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1090"
},
{
"name": "RHSA-2006:0543",
"refsource": "REDHAT",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0543.html"
},
{
"name": "18290",
"refsource": "BID",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18290"
},
{
"name": "20443",
"refsource": "SECUNIA",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20443"
},
{
"name": "20430",
"refsource": "SECUNIA",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20430"
},
{
"name": "20482",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20482"
},
{
"name": "GLSA-200606-09",
"refsource": "GENTOO",
"tags": [],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml"
},
{
"name": "2006-0034",
"refsource": "TRUSTIX",
"tags": [],
"url": "http://www.trustix.org/errata/2006/0034/"
},
{
"name": "1016230",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1016230"
},
{
"name": "1016235",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1016235"
},
{
"name": "20531",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20531"
},
{
"name": "20566",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20566"
},
{
"name": "20692",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20692"
},
{
"name": "MDKSA-2006:103",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103"
},
{
"name": "ADV-2006-2148",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2148"
},
{
"name": "spamassassin-spamd-command-execution(27008)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008"
},
{
"name": "oval:org.mitre.oval:def:9184",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184"
},
{
"name": "20060607 rPSA-2006-0096-1 spamassassin",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/436288/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-18T16:40Z",
"publishedDate": "2006-06-06T21:06Z"
}
}
}
RHSA-2006:0543
Vulnerability from csaf_redhat - Published: 2006-06-06 17:08 - Updated: 2025-11-21 17:30Summary
Red Hat Security Advisory: spamassassin security update
Severity
Moderate
Notes
Topic: Updated spamassassin packages that fix an arbitrary code execution flaw
are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details: SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email.
A flaw was found with the way the Spamassassin spamd daemon processes the
virtual pop username passed to it. If a site is running spamd with both the
--vpopmail and --paranoid flags, it is possible for a remote user with the
ability to connect to the spamd daemon to execute arbitrary commands as
the user running the spamd daemon. (CVE-2006-2447)
Note: None of the IMAP or POP servers shipped with Red Hat Enterprise Linux
4 support vpopmail delivery. Running spamd with the --vpopmail and
--paranoid flags is uncommon and not the default startup option as shipped
with Red Hat Enterprise Linux 4.
Spamassassin, as shipped in Red Hat Enterprise Linux 4, performs RBL
lookups against visi.com to help determine if an email is spam. However,
this DNS RBL has recently disappeared, resulting in mail filtering delays
and timeouts.
Users of SpamAssassin should upgrade to these updated packages containing
version 3.0.6 and backported patches, which are not vulnerable to these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-debuginfo-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-debuginfo-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-debuginfo-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated spamassassin packages that fix an arbitrary code execution flaw\nare now available.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)\nfrom incoming email.\n\nA flaw was found with the way the Spamassassin spamd daemon processes the\nvirtual pop username passed to it. If a site is running spamd with both the\n--vpopmail and --paranoid flags, it is possible for a remote user with the\nability to connect to the spamd daemon to execute arbitrary commands as\nthe user running the spamd daemon. (CVE-2006-2447)\n\nNote: None of the IMAP or POP servers shipped with Red Hat Enterprise Linux\n4 support vpopmail delivery. Running spamd with the --vpopmail and\n--paranoid flags is uncommon and not the default startup option as shipped\nwith Red Hat Enterprise Linux 4.\n\nSpamassassin, as shipped in Red Hat Enterprise Linux 4, performs RBL\nlookups against visi.com to help determine if an email is spam. However,\nthis DNS RBL has recently disappeared, resulting in mail filtering delays\nand timeouts.\n\nUsers of SpamAssassin should upgrade to these updated packages containing\nversion 3.0.6 and backported patches, which are not vulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2006:0543",
"url": "https://access.redhat.com/errata/RHSA-2006:0543"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#moderate",
"url": "http://www.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "178580",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=178580"
},
{
"category": "external",
"summary": "191033",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=191033"
},
{
"category": "external",
"summary": "193865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=193865"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0543.json"
}
],
"title": "Red Hat Security Advisory: spamassassin security update",
"tracking": {
"current_release_date": "2025-11-21T17:30:18+00:00",
"generator": {
"date": "2025-11-21T17:30:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2006:0543",
"initial_release_date": "2006-06-06T17:08:00+00:00",
"revision_history": [
{
"date": "2006-06-06T17:08:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2006-06-06T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:30:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.ia64",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.ia64",
"product_id": "spamassassin-0:3.0.6-1.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"product": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"product_id": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin-debuginfo@3.0.6-1.el4?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.src",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.src",
"product_id": "spamassassin-0:3.0.6-1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.x86_64",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.x86_64",
"product_id": "spamassassin-0:3.0.6-1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"product": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"product_id": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin-debuginfo@3.0.6-1.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.i386",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.i386",
"product_id": "spamassassin-0:3.0.6-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"product": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"product_id": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin-debuginfo@3.0.6-1.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.ppc",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.ppc",
"product_id": "spamassassin-0:3.0.6-1.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"product": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"product_id": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin-debuginfo@3.0.6-1.el4?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.s390x",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.s390x",
"product_id": "spamassassin-0:3.0.6-1.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"product": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"product_id": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin-debuginfo@3.0.6-1.el4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.s390",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.s390",
"product_id": "spamassassin-0:3.0.6-1.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=s390"
}
}
},
{
"category": "product_version",
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"product": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"product_id": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin-debuginfo@3.0.6-1.el4?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.src"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-debuginfo-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.src"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.src"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-debuginfo-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.src"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-debuginfo-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-2447",
"discovery_date": "2006-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618105"
}
],
"notes": [
{
"category": "description",
"text": "SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:spamassassin-0:3.0.6-1.el4.i386",
"4AS:spamassassin-0:3.0.6-1.el4.ia64",
"4AS:spamassassin-0:3.0.6-1.el4.ppc",
"4AS:spamassassin-0:3.0.6-1.el4.s390",
"4AS:spamassassin-0:3.0.6-1.el4.s390x",
"4AS:spamassassin-0:3.0.6-1.el4.src",
"4AS:spamassassin-0:3.0.6-1.el4.x86_64",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"4Desktop:spamassassin-0:3.0.6-1.el4.i386",
"4Desktop:spamassassin-0:3.0.6-1.el4.ia64",
"4Desktop:spamassassin-0:3.0.6-1.el4.ppc",
"4Desktop:spamassassin-0:3.0.6-1.el4.s390",
"4Desktop:spamassassin-0:3.0.6-1.el4.s390x",
"4Desktop:spamassassin-0:3.0.6-1.el4.src",
"4Desktop:spamassassin-0:3.0.6-1.el4.x86_64",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"4ES:spamassassin-0:3.0.6-1.el4.i386",
"4ES:spamassassin-0:3.0.6-1.el4.ia64",
"4ES:spamassassin-0:3.0.6-1.el4.ppc",
"4ES:spamassassin-0:3.0.6-1.el4.s390",
"4ES:spamassassin-0:3.0.6-1.el4.s390x",
"4ES:spamassassin-0:3.0.6-1.el4.src",
"4ES:spamassassin-0:3.0.6-1.el4.x86_64",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"4WS:spamassassin-0:3.0.6-1.el4.i386",
"4WS:spamassassin-0:3.0.6-1.el4.ia64",
"4WS:spamassassin-0:3.0.6-1.el4.ppc",
"4WS:spamassassin-0:3.0.6-1.el4.s390",
"4WS:spamassassin-0:3.0.6-1.el4.s390x",
"4WS:spamassassin-0:3.0.6-1.el4.src",
"4WS:spamassassin-0:3.0.6-1.el4.x86_64",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-2447"
},
{
"category": "external",
"summary": "RHBZ#1618105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-2447",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2447"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-2447",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2447"
}
],
"release_date": "2006-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-06-06T17:08:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:spamassassin-0:3.0.6-1.el4.i386",
"4AS:spamassassin-0:3.0.6-1.el4.ia64",
"4AS:spamassassin-0:3.0.6-1.el4.ppc",
"4AS:spamassassin-0:3.0.6-1.el4.s390",
"4AS:spamassassin-0:3.0.6-1.el4.s390x",
"4AS:spamassassin-0:3.0.6-1.el4.src",
"4AS:spamassassin-0:3.0.6-1.el4.x86_64",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"4Desktop:spamassassin-0:3.0.6-1.el4.i386",
"4Desktop:spamassassin-0:3.0.6-1.el4.ia64",
"4Desktop:spamassassin-0:3.0.6-1.el4.ppc",
"4Desktop:spamassassin-0:3.0.6-1.el4.s390",
"4Desktop:spamassassin-0:3.0.6-1.el4.s390x",
"4Desktop:spamassassin-0:3.0.6-1.el4.src",
"4Desktop:spamassassin-0:3.0.6-1.el4.x86_64",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"4ES:spamassassin-0:3.0.6-1.el4.i386",
"4ES:spamassassin-0:3.0.6-1.el4.ia64",
"4ES:spamassassin-0:3.0.6-1.el4.ppc",
"4ES:spamassassin-0:3.0.6-1.el4.s390",
"4ES:spamassassin-0:3.0.6-1.el4.s390x",
"4ES:spamassassin-0:3.0.6-1.el4.src",
"4ES:spamassassin-0:3.0.6-1.el4.x86_64",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"4WS:spamassassin-0:3.0.6-1.el4.i386",
"4WS:spamassassin-0:3.0.6-1.el4.ia64",
"4WS:spamassassin-0:3.0.6-1.el4.ppc",
"4WS:spamassassin-0:3.0.6-1.el4.s390",
"4WS:spamassassin-0:3.0.6-1.el4.s390x",
"4WS:spamassassin-0:3.0.6-1.el4.src",
"4WS:spamassassin-0:3.0.6-1.el4.x86_64",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0543"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
RHSA-2006_0543
Vulnerability from csaf_redhat - Published: 2006-06-06 17:08 - Updated: 2024-11-22 00:19Summary
Red Hat Security Advisory: spamassassin security update
Severity
Moderate
Notes
Topic: Updated spamassassin packages that fix an arbitrary code execution flaw
are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details: SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email.
A flaw was found with the way the Spamassassin spamd daemon processes the
virtual pop username passed to it. If a site is running spamd with both the
--vpopmail and --paranoid flags, it is possible for a remote user with the
ability to connect to the spamd daemon to execute arbitrary commands as
the user running the spamd daemon. (CVE-2006-2447)
Note: None of the IMAP or POP servers shipped with Red Hat Enterprise Linux
4 support vpopmail delivery. Running spamd with the --vpopmail and
--paranoid flags is uncommon and not the default startup option as shipped
with Red Hat Enterprise Linux 4.
Spamassassin, as shipped in Red Hat Enterprise Linux 4, performs RBL
lookups against visi.com to help determine if an email is spam. However,
this DNS RBL has recently disappeared, resulting in mail filtering delays
and timeouts.
Users of SpamAssassin should upgrade to these updated packages containing
version 3.0.6 and backported patches, which are not vulnerable to these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-debuginfo-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-debuginfo-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-debuginfo-0:3.0.6-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated spamassassin packages that fix an arbitrary code execution flaw\nare now available.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)\nfrom incoming email.\n\nA flaw was found with the way the Spamassassin spamd daemon processes the\nvirtual pop username passed to it. If a site is running spamd with both the\n--vpopmail and --paranoid flags, it is possible for a remote user with the\nability to connect to the spamd daemon to execute arbitrary commands as\nthe user running the spamd daemon. (CVE-2006-2447)\n\nNote: None of the IMAP or POP servers shipped with Red Hat Enterprise Linux\n4 support vpopmail delivery. Running spamd with the --vpopmail and\n--paranoid flags is uncommon and not the default startup option as shipped\nwith Red Hat Enterprise Linux 4.\n\nSpamassassin, as shipped in Red Hat Enterprise Linux 4, performs RBL\nlookups against visi.com to help determine if an email is spam. However,\nthis DNS RBL has recently disappeared, resulting in mail filtering delays\nand timeouts.\n\nUsers of SpamAssassin should upgrade to these updated packages containing\nversion 3.0.6 and backported patches, which are not vulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2006:0543",
"url": "https://access.redhat.com/errata/RHSA-2006:0543"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#moderate",
"url": "http://www.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "178580",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=178580"
},
{
"category": "external",
"summary": "191033",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=191033"
},
{
"category": "external",
"summary": "193865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=193865"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0543.json"
}
],
"title": "Red Hat Security Advisory: spamassassin security update",
"tracking": {
"current_release_date": "2024-11-22T00:19:58+00:00",
"generator": {
"date": "2024-11-22T00:19:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2006:0543",
"initial_release_date": "2006-06-06T17:08:00+00:00",
"revision_history": [
{
"date": "2006-06-06T17:08:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2006-06-06T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T00:19:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.ia64",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.ia64",
"product_id": "spamassassin-0:3.0.6-1.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"product": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"product_id": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin-debuginfo@3.0.6-1.el4?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.src",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.src",
"product_id": "spamassassin-0:3.0.6-1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.x86_64",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.x86_64",
"product_id": "spamassassin-0:3.0.6-1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"product": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"product_id": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin-debuginfo@3.0.6-1.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.i386",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.i386",
"product_id": "spamassassin-0:3.0.6-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"product": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"product_id": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin-debuginfo@3.0.6-1.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.ppc",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.ppc",
"product_id": "spamassassin-0:3.0.6-1.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"product": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"product_id": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin-debuginfo@3.0.6-1.el4?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.s390x",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.s390x",
"product_id": "spamassassin-0:3.0.6-1.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"product": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"product_id": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin-debuginfo@3.0.6-1.el4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "spamassassin-0:3.0.6-1.el4.s390",
"product": {
"name": "spamassassin-0:3.0.6-1.el4.s390",
"product_id": "spamassassin-0:3.0.6-1.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin@3.0.6-1.el4?arch=s390"
}
}
},
{
"category": "product_version",
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"product": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"product_id": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spamassassin-debuginfo@3.0.6-1.el4?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.src"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-debuginfo-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.src"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.src"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-debuginfo-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.src"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-debuginfo-0:3.0.6-1.el4.i386"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64"
},
"product_reference": "spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-2447",
"discovery_date": "2006-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618105"
}
],
"notes": [
{
"category": "description",
"text": "SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:spamassassin-0:3.0.6-1.el4.i386",
"4AS:spamassassin-0:3.0.6-1.el4.ia64",
"4AS:spamassassin-0:3.0.6-1.el4.ppc",
"4AS:spamassassin-0:3.0.6-1.el4.s390",
"4AS:spamassassin-0:3.0.6-1.el4.s390x",
"4AS:spamassassin-0:3.0.6-1.el4.src",
"4AS:spamassassin-0:3.0.6-1.el4.x86_64",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"4Desktop:spamassassin-0:3.0.6-1.el4.i386",
"4Desktop:spamassassin-0:3.0.6-1.el4.ia64",
"4Desktop:spamassassin-0:3.0.6-1.el4.ppc",
"4Desktop:spamassassin-0:3.0.6-1.el4.s390",
"4Desktop:spamassassin-0:3.0.6-1.el4.s390x",
"4Desktop:spamassassin-0:3.0.6-1.el4.src",
"4Desktop:spamassassin-0:3.0.6-1.el4.x86_64",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"4ES:spamassassin-0:3.0.6-1.el4.i386",
"4ES:spamassassin-0:3.0.6-1.el4.ia64",
"4ES:spamassassin-0:3.0.6-1.el4.ppc",
"4ES:spamassassin-0:3.0.6-1.el4.s390",
"4ES:spamassassin-0:3.0.6-1.el4.s390x",
"4ES:spamassassin-0:3.0.6-1.el4.src",
"4ES:spamassassin-0:3.0.6-1.el4.x86_64",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"4WS:spamassassin-0:3.0.6-1.el4.i386",
"4WS:spamassassin-0:3.0.6-1.el4.ia64",
"4WS:spamassassin-0:3.0.6-1.el4.ppc",
"4WS:spamassassin-0:3.0.6-1.el4.s390",
"4WS:spamassassin-0:3.0.6-1.el4.s390x",
"4WS:spamassassin-0:3.0.6-1.el4.src",
"4WS:spamassassin-0:3.0.6-1.el4.x86_64",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-2447"
},
{
"category": "external",
"summary": "RHBZ#1618105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-2447",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2447"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-2447",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2447"
}
],
"release_date": "2006-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-06-06T17:08:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:spamassassin-0:3.0.6-1.el4.i386",
"4AS:spamassassin-0:3.0.6-1.el4.ia64",
"4AS:spamassassin-0:3.0.6-1.el4.ppc",
"4AS:spamassassin-0:3.0.6-1.el4.s390",
"4AS:spamassassin-0:3.0.6-1.el4.s390x",
"4AS:spamassassin-0:3.0.6-1.el4.src",
"4AS:spamassassin-0:3.0.6-1.el4.x86_64",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4AS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"4Desktop:spamassassin-0:3.0.6-1.el4.i386",
"4Desktop:spamassassin-0:3.0.6-1.el4.ia64",
"4Desktop:spamassassin-0:3.0.6-1.el4.ppc",
"4Desktop:spamassassin-0:3.0.6-1.el4.s390",
"4Desktop:spamassassin-0:3.0.6-1.el4.s390x",
"4Desktop:spamassassin-0:3.0.6-1.el4.src",
"4Desktop:spamassassin-0:3.0.6-1.el4.x86_64",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4Desktop:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"4ES:spamassassin-0:3.0.6-1.el4.i386",
"4ES:spamassassin-0:3.0.6-1.el4.ia64",
"4ES:spamassassin-0:3.0.6-1.el4.ppc",
"4ES:spamassassin-0:3.0.6-1.el4.s390",
"4ES:spamassassin-0:3.0.6-1.el4.s390x",
"4ES:spamassassin-0:3.0.6-1.el4.src",
"4ES:spamassassin-0:3.0.6-1.el4.x86_64",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4ES:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64",
"4WS:spamassassin-0:3.0.6-1.el4.i386",
"4WS:spamassassin-0:3.0.6-1.el4.ia64",
"4WS:spamassassin-0:3.0.6-1.el4.ppc",
"4WS:spamassassin-0:3.0.6-1.el4.s390",
"4WS:spamassassin-0:3.0.6-1.el4.s390x",
"4WS:spamassassin-0:3.0.6-1.el4.src",
"4WS:spamassassin-0:3.0.6-1.el4.x86_64",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.i386",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ia64",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.ppc",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.s390x",
"4WS:spamassassin-debuginfo-0:3.0.6-1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0543"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…