5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.947 High
EPSS
Percentile
99.3%
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P)
switch, allows remote attackers to execute arbitrary commands via a crafted
message that is not properly handled when invoking spamd with the virtual
pop username.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | spamassassin | < 3.1.0a-2ubuntu1.1 | UNKNOWN |
ubuntu | 6.10 | noarch | spamassassin | < 3.1.4-1ubuntu1 | UNKNOWN |
ubuntu | 7.04 | noarch | spamassassin | < 3.1.4-1ubuntu1 | UNKNOWN |