Signature Detail

SMTP: SpamAssassin Injection

This signature detects attempts to exploit a known vulnerability against SpamAssassin. A successful attack can lead to arbitrary code execution.

Extended Description

SpamAssassin is prone to an arbitrary-command-execution vulnerability. This issue is due to an error in the application when processing a specially formatted input message when certain switches are set. An attacker can exploit this issue to execute arbitrary comannds on the vulnerable computer with the privileges of the affected application.

Affected Products

• Debian Linux 3.1.0
• Debian Linux 3.1.0 Alpha
• Debian Linux 3.1.0 Amd64
• Debian Linux 3.1.0 Arm
• Debian Linux 3.1.0 Hppa
• Debian Linux 3.1.0 Ia-32
• Debian Linux 3.1.0 Ia-64
• Debian Linux 3.1.0 M68k
• Debian Linux 3.1.0 Mips
• Debian Linux 3.1.0 Mipsel
• Debian Linux 3.1.0 Ppc
• Debian Linux 3.1.0 S/390
• Debian Linux 3.1.0 Sparc
• Gentoo Linux
• Mandriva Corporate Server 3.0.0
• Mandriva Corporate Server 3.0.0 X86 64
• Mandriva Linux Mandrake 10.2.0
• Mandriva Linux Mandrake 10.2.0 X86 64
• Mandriva Linux Mandrake 2006.0.0
• Mandriva Linux Mandrake 2006.0.0 X86 64
• Red Hat Desktop 4.0.0
• Red Hat Enterprise Linux AS 4
• Red Hat Enterprise Linux ES 4
• Red Hat Enterprise Linux WS 4
• rPath rPath Linux 1
• SpamAssassin 2.40.0
• SpamAssassin 2.41.0 0
• SpamAssassin 2.42.0 0
• SpamAssassin 2.43.0 0
• SpamAssassin 2.44.0
• SpamAssassin 2.50.0 0
• SpamAssassin 2.55.0
• SpamAssassin 2.60.0
• SpamAssassin 2.63.0
• SpamAssassin 2.64.0
• SpamAssassin 3.0.0
• SpamAssassin 3.0.1
• SpamAssassin 3.0.2
• SpamAssassin 3.0.3
• SpamAssassin 3.0.4
• SpamAssassin 3.0.5
• SpamAssassin 3.1.0
• SpamAssassin 3.1.1
• SpamAssassin 3.1.2
• Trustix Secure Linux 2.2.0
• Trustix Secure Linux 3.0.0

References

• BugTraq: 18290
• CVE: CVE-2006-2447