[Bug 194290] New: CVE-2006-2447 spamassassin arbitrary command execution

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.




https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194290

           Summary: CVE-2006-2447 spamassassin arbitrary command execution
           Product: Fedora Core
           Version: fc5
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: spamassassin
        AssignedTo: wtogami@xxxxxxxxxx
        ReportedBy: bressers@xxxxxxxxxx
                CC: fedora-perl-devel-list@xxxxxxxxxx, felicity@xxxxxxxxx,
                    jm@xxxxxxxxxx, parkerm@pobox.com, reg+redhat@xxxxxxxxxx,
                    security-response-team@xxxxxxxxxx, wtogami@xxxxxxxxxx


+++ This bug was initially created as a clone of Bug #193865 +++

CVE-2006-2447 spamassassin arbitrary command execution

If spamd is run with the "-v" / "--vpopmail" switch AND with the
"-P" / "--paranoid" switch, it becomes possible to execute arbitrary
commands as the user spamd is running as.

This issue is mitigated by the fact that no IMAP servers as shipped
with RHEL support vpopmail.  These options are also not the default
spamd options when it is started as a service.


This issue should also affect FC4.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
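
A check for the option combination described in the report above, as an added example that is not part of the original bug report or of SpamAssassin itself. The function names `spamd_has_risky_combo` and `scan_lines` are hypothetical, the sample command lines are constructed, and the script assumes short switches may be bundled (for example `-vP`).

```shell
#!/bin/sh
# Added example: flag spamd command lines that combine the two switches named
# in the report (-v/--vpopmail and -P/--paranoid).
# Assumption: short switches may be bundled ("-vP"), so every letter of a
# single-dash token is inspected. This can over-report when a letter is part
# of an option's attached value; treat a hit as a prompt to inspect the line.

spamd_has_risky_combo() (
    # $1: a spamd command line or option string.
    # Returns 0 when both switches appear, 1 otherwise.
    # The function body is a subshell, so set -f and the variables stay local.
    has_v=0; has_p=0
    set -f                          # no glob expansion while splitting $1
    for tok in $1; do
        case $tok in
            --vpopmail) has_v=1 ;;
            --paranoid) has_p=1 ;;
            --*) ;;                 # any other long option
            -?*)                    # short option or bundle
                case $tok in *v*) has_v=1 ;; esac
                case $tok in *P*) has_p=1 ;; esac   # -P, not -p (case matters)
                ;;
        esac
    done
    [ "$has_v" -eq 1 ] && [ "$has_p" -eq 1 ]
)

scan_lines() {
    # Reads one command line per row on stdin and prints the ones that match.
    while IFS= read -r line; do
        if spamd_has_risky_combo "$line"; then
            printf 'RISKY: %s\n' "$line"
        fi
    done
}

# Constructed sample command lines (not taken from any real host).
scan_lines <<'EOF'
/usr/bin/spamd -d -c -m5 -H
/usr/bin/spamd -d -v -P -u vpopmail
/usr/bin/spamd -d -vP
/usr/bin/spamd -d --vpopmail --paranoid
/usr/bin/spamd -d -v
/usr/bin/spamd -d -p 783 -v
EOF
```

On a live host the same function can be fed from the process list, for example `ps -eo args | grep '[s]pamd' | scan_lines`, or from whatever file holds the service's spamd options.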

