SpamAssassin Vpopmail/Paranoid选项 远程命令执行漏洞

漏洞信息详情

SpamAssassin Vpopmail/Paranoid选项 远程命令执行漏洞

• CNNVD编号：CNNVD-200606-155
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2006-2447
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2006-06-06
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2013-01-08
  
• 厂        商：
  
  apache
• 漏洞来源：

SpaAssassin是一款用于过滤垃圾邮件的解决方案。

Spamassassin的spamd守护程序处理对其传送的虚拟pop用户名的方式存在漏洞。如果站点运行着有–vpopmail和–paranoid标记的spamd的话，能够连接到spamd守护程序的远程用户就可以以运行spamd用户的权限执行任意命令。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

DIA DIA 0.94

Mandriva dia-0.94-6.2.20060mdk.i586.rpm

Mandriva Linux 2006.0:

http://wwwnew.mandriva.com/en/downloads/

Mandriva dia-0.94-6.2.20060mdk.x86_64.rpm

Mandriva Linux 2006.0/X86_64:

http://wwwnew.mandriva.com/en/downloads/

RedHat Fedora dia-0.94-13.fc4.i386.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

RedHat Fedora dia-0.94-13.fc4.ppc.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

RedHat Fedora dia-0.94-13.fc4.x86_64.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

RedHat Fedora dia-debuginfo-0.94-13.fc4.i386.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

RedHat Fedora dia-debuginfo-0.94-13.fc4.ppc.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

RedHat Fedora dia-debuginfo-0.94-13.fc4.x86_64.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

Ubuntu dia-common_0.94.0-11ubuntu1.1_all.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-11 ubuntu1.1_all.deb

Ubuntu dia-common_0.94.0-5ubuntu1.2_all.deb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-5u buntu1.2_all.deb

Ubuntu dia-gnome_0.94.0-11ubuntu1.1_amd64.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11u buntu1.1_amd64.deb

Ubuntu dia-gnome_0.94.0-11ubuntu1.1_i386.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11u buntu1.1_i386.deb

Ubuntu dia-gnome_0.94.0-11ubuntu1.1_powerpc.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11u buntu1.1_powerpc.deb

Ubuntu dia-gnome_0.94.0-5ubuntu1.2_amd64.deb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ub untu1.2_amd64.deb

Ubuntu dia-gnome_0.94.0-5ubuntu1.2_i386.deb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ub untu1.2_i386.deb

Ubuntu dia-gnome_0.94.0-5ubuntu1.2_powerpc.deb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ub untu1.2_powerpc.deb

Ubuntu dia-libs_0.94.0-11ubuntu1.1_amd64.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ub untu1.1_amd64.deb

Ubuntu dia-libs_0.94.0-11ubuntu1.1_i386.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ub untu1.1_i386.deb

Ubuntu dia-libs_0.94.0-11ubuntu1.1_powerpc.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ub untu1.1_powerpc.deb

Ubuntu dia-libs_0.94.0-5ubuntu1.2_amd64.deb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubu ntu1.2_amd64.deb

Ubuntu dia-libs_0.94.0-5ubuntu1.2_i386.deb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubu ntu1.2_i386.deb

Ubuntu dia-libs_0.94.0-5ubuntu1.2_powerpc.deb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubu ntu1.2_powerpc.deb

Ubuntu dia_0.94.0-11ubuntu1.1_amd64.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubu ntu1.1_amd64.deb

Ubuntu dia_0.94.0-11ubuntu1.1_i386.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubu ntu1.1_i386.deb

Ubuntu dia_0.94.0-11ubuntu1.1_powerpc.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubu ntu1.1_powerpc.deb

Ubuntu dia_0.94.0-5ubuntu1.2_amd64.deb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubun tu1.2_amd64.deb

Ubuntu dia_0.94.0-5ubuntu1.2_i386.deb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubun tu1.2_i386.deb

Ubuntu dia_0.94.0-5ubuntu1.2_powerpc.deb

Ubuntu 5.04:

http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubun tu1.2_powerpc.deb

DIA DIA 0.93

Ubuntu dia-common_0.93-4ubuntu2.1_all.deb

Ubuntu 4.10:

http://security.ub

来源: BID

名称: 18290

链接:http://www.securityfocus.com/bid/18290

来源: REDHAT

名称: RHSA-2006:0543

链接:http://www.redhat.com/support/errata/RHSA-2006-0543.html

来源: www.nabble.com

链接:http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html

来源: VUPEN

名称: ADV-2006-2148

链接:http://www.frsirt.com/english/advisories/2006/2148

来源: DEBIAN

名称: DSA-1090

链接:http://www.debian.org/security/2006/dsa-1090

来源: SECUNIA

名称: 20443

链接:http://secunia.com/advisories/20443

来源: SECUNIA

名称: 20430

链接:http://secunia.com/advisories/20430

来源: XF

名称: spamassassin-spamd-command-execution(27008)

链接:http://xforce.iss.net/xforce/xfdb/27008

来源: TRUSTIX

名称: 2006-0034

链接:http://www.trustix.org/errata/2006/0034/

来源: BUGTRAQ

名称: 20060607 rPSA-2006-0096-1 spamassassin

链接:http://www.securityfocus.com/archive/1/archive/1/436288/100/0/threaded

来源: MANDRIVA

名称: MDKSA-2006:103

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:103

来源: GENTOO

名称: GLSA-200606-09

链接:http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml

来源: SECTRACK

名称: 1016235

链接:http://securitytracker.com/id?1016235

来源: SECTRACK

名称: 1016230

链接:http://securitytracker.com/id?1016230

来源: SECUNIA

名称: 20692

链接:http://secunia.com/advisories/20692

来源: SECUNIA

名称: 20566

链接:http://secunia.com/advisories/20566

来源: SECUNIA

名称: 20531

链接:http://secunia.com/advisories/20531

来源: SECUNIA

名称: 20482

链接:http://secunia.com/advisories/20482

来源: MANDRIVA

名称: MDKSA-2006:103

链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:103