← volver
CVE-2006-2447

CVE-2006-2447

EPSS 74.3%
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
Productos afectados
n/a · n/a
PoCs públicas encontradas2
exploitdbwww.exploit-db.com/exploits/16920no verificadoexploitdbwww.exploit-db.com/exploits/9914no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://secunia.com/advisories/20430http://secunia.com/advisories/20443http://secunia.com/advisories/20482http://secunia.com/advisories/20531http://secunia.com/advisories/20566http://secunia.com/advisories/20692http://securitytracker.com/id?1016230http://securitytracker.com/id?1016235https://exchange.xforce.ibmcloud.com/vulnerabilities/27008https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184http://www.debian.org/security/2006/dsa-1090http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml