Family: Gain a shell remotely --> Category: attack
SpamAssassin Arbitrary Command Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary :
Checks for a command execution flaw in spamd
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote server allows execution of arbitrary commands.
Description :
The remote host is running spamd, a daemon belonging to SpamAssassin
and used to ascertain whether messages represent spam.
The installed version of spamd on the remote host appears to allow an
unauthenticated user to execute arbitrary commands, subject to the
rights of the user under which it operates.
See also :
http://spamassassin.apache.org/advisories/cve-2006-2447.txt
Solution :
Upgrade to SpamAssassin 3.0.6 / 3.1.3 or later.
Threat Level:
Medium / CVSS Base Score : 5.6
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)