CVE-2006-2447
spamassassin - programming error
EPSS 75.8%
Description
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
How to fix CVE-2006-2447
To remediate CVE-2006-2447, upgrade the affected package to one of the fixed versions listed below.
- Debian/spamassassin—upgrade to 3.1.3-1 or later
- Debian/spamassassin—upgrade to 3.0.3-2sarge1 or later
Is CVE-2006-2447 being exploited?
Likely — EPSS is 75.8%, placing CVE-2006-2447 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- Debian/spamassassin: from 0, < 3.1.3-1
- Debian/spamassassin: from 0, < 3.0.3-2sarge1