• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SpamAssassin Local Symlink Attack And Denial of Service Vulnerability

Bugtraq ID:	24481
Class:	Design Error
CVE:	CVE-2007-2873
Remote:	No
Local:	Yes
Published:	Jun 14 2007 12:00AM
Updated:	Jun 15 2007 04:39PM
Credit:	Martin F. Krafft of Debian reported this vulnerability.
Vulnerable:	SpamAssassin SpamAssassin 3.2 SpamAssassin SpamAssassin 3.1.9 SpamAssassin SpamAssassin 3.1.8 SpamAssassin SpamAssassin 3.1.7 SpamAssassin SpamAssassin 3.1.6 SpamAssassin SpamAssassin 3.1.5 SpamAssassin SpamAssassin 3.1.4 SpamAssassin SpamAssassin 3.1.3 SpamAssassin SpamAssassin 3.1.2 SpamAssassin SpamAssassin 3.1.1 SpamAssassin SpamAssassin 3.1 rPath rPath Linux 1 RedHat Fedora 7 0 RedHat Fedora Core6 RedHat Fedora Core5 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0
Not Vulnerable:	SpamAssassin SpamAssassin 3.2.1