SpamAssassin Vpopmail and Paranoid Switches Remote Command Execution Vulnerability

Bugtraq ID:	18290
Class:	Design Error
CVE:	CVE-2006-2447
Remote:	Yes
Local:	No
Published:	Jun 06 2006 12:00AM
Updated:	Nov 23 2006 08:05PM
Credit:	This issue was disclosed by the vendor.
Vulnerable:	Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 SpamAssassin SpamAssassin 3.1.2 SpamAssassin SpamAssassin 3.1.1 SpamAssassin SpamAssassin 3.1 SpamAssassin SpamAssassin 3.0.5 SpamAssassin SpamAssassin 3.0.4 SpamAssassin SpamAssassin 3.0.3 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 SpamAssassin SpamAssassin 3.0.2 SpamAssassin SpamAssassin 3.0.1 SpamAssassin SpamAssassin 3.0 SpamAssassin SpamAssassin 2.64 SpamAssassin SpamAssassin 2.63 SpamAssassin SpamAssassin 2.60 SpamAssassin SpamAssassin 2.55 SpamAssassin SpamAssassin 2.50 0 SpamAssassin SpamAssassin 2.44 SpamAssassin SpamAssassin 2.43 0 + Gentoo Linux 1.4 _rc2 + Gentoo Linux 1.4 _rc1 SpamAssassin SpamAssassin 2.42 0 SpamAssassin SpamAssassin 2.41 0 SpamAssassin SpamAssassin 2.40 rPath rPath Linux 1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux AS 4 RedHat Desktop 4.0 MandrakeSoft Linux Mandrake 2006.0 x86_64 MandrakeSoft Linux Mandrake 2006.0 MandrakeSoft Linux Mandrake 10.2 x86_64 MandrakeSoft Linux Mandrake 10.2 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1

Not Vulnerable:	SpamAssassin SpamAssassin 3.1.3 SpamAssassin SpamAssassin 3.0.6