CVE-2006-2447

N/A Unknown
Published: June 06, 2006 Modified: April 16, 2026
View on NVD

Description

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/20430
Source: secalert@redhat.com
Patch Vendor Advisory
http://secunia.com/advisories/20443
Source: secalert@redhat.com
Patch Vendor Advisory
http://secunia.com/advisories/20482
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/20531
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/20566
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/20692
Source: secalert@redhat.com
Vendor Advisory
http://securitytracker.com/id?1016230
Source: secalert@redhat.com
http://securitytracker.com/id?1016235
Source: secalert@redhat.com
http://www.debian.org/security/2006/dsa-1090
Source: secalert@redhat.com
Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml
Source: secalert@redhat.com
http://www.mandriva.com/security/advisories?name=MDKSA-2006:103
Source: secalert@redhat.com
http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html
Source: secalert@redhat.com
Patch
http://www.redhat.com/support/errata/RHSA-2006-0543.html
Source: secalert@redhat.com
Patch Vendor Advisory
http://www.securityfocus.com/archive/1/436288/100/0/threaded
Source: secalert@redhat.com
http://www.securityfocus.com/bid/18290
Source: secalert@redhat.com
Patch
http://www.trustix.org/errata/2006/0034/
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2006/2148
Source: secalert@redhat.com
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27008
Source: secalert@redhat.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184
Source: secalert@redhat.com
http://secunia.com/advisories/20430
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://secunia.com/advisories/20443
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://secunia.com/advisories/20482
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/20531
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/20566
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/20692
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1016230
Source: af854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1016235
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2006/dsa-1090
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDKSA-2006:103
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.redhat.com/support/errata/RHSA-2006-0543.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.securityfocus.com/archive/1/436288/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/18290
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.trustix.org/errata/2006/0034/
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2006/2148
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27008
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184
Source: af854a3a-2127-422b-91ae-364da2661108

38 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
75.8%
99th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

apache