CVE-2006-2447

Publication date 6 June 2006

Last updated 24 July 2024

Ubuntu priority

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
spamassassin	7.04 feisty	Fixed 3.1.4-1ubuntu1
	6.10 edgy	Fixed 3.1.4-1ubuntu1
	6.06 LTS dapper	Fixed 3.1.0a-2ubuntu1.1

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2006-2447