Family: Debian Local Security Checks --> Category: infos
[DSA1090] DSA-1090-1 spamassassin Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
A vulnerability has been discovered in SpamAssassin, a Perl-based spam
filter using text analysis, that can allow remote attackers to execute
arbitrary commands. This problem only affects systems where spamd is
reachable via the internet and used with vpopmail virtual users, via
the "-v" / "--vpopmail" switch, and with the "-P" / "--paranoid"
switch which is not the default setting on Debian.
The old stable distribution (woody) is not affected by this problem.
For the stable distribution (sarge) this problem has been fixed in
For the volatile archive for the stable distribution (sarge) this
problem has been fixed in version 3.1.0a-0volatile3.
For the unstable distribution (sid) this problem has been fixed in
We recommend that you upgrade your spamd package.
Solution : http://www.debian.org/security/2006/dsa-1090
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.