Intrusion Prevention

SpamAssassin.Vpopmail.Paranoid.Options.Code.Execution

Description

This indicates an attack attempt against a remote command execution vulnerability in SpamAssassin.
SpamAssassin is a Perl-based application that is used to filter mail for users.
A vulnerability has been reported in SpamAssassin that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "User" field in the SPAMC protocol. An attacker may include shell commands by supplying an injection string through the request to SPAMD.
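
An added example, not from this advisory and not SpamAssassin or signature code: a defender-side check that parses the header block of a SPAMC request and flags a "User" value outside a conservative allowlist. The allowlist, the function names and the sample requests are assumptions made for illustration.

```python
import re

# Assumption: a conservative allowlist for mailbox-style usernames.
# It is not the check SpamAssassin itself applies in the fixed releases.
SAFE_USER = re.compile(r"[A-Za-z0-9][A-Za-z0-9@._+-]{0,253}")
REQUEST_LINE = re.compile(r"([A-Z_]+) SPAMC/(\d+\.\d+)")


def parse_spamc_headers(raw: bytes):
    """Split a SPAMC request into (command, version, headers); the body is ignored."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m:
        raise ValueError("not a SPAMC request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header: {line!r}")
        # Header names are lower-cased so case variants cannot dodge the check.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return m.group(1), m.group(2), headers


def check_user_field(raw: bytes):
    """Return findings for the User header; an empty list means nothing to flag."""
    try:
        _, _, headers = parse_spamc_headers(raw)
    except ValueError as exc:
        return [f"unparseable request: {exc}"]
    users = headers.get("user", [])
    findings = []
    if len(users) > 1:
        findings.append("multiple User headers")
    for user in users:
        if not SAFE_USER.fullmatch(user):
            findings.append(f"User value outside allowlist: {user!r}")
    return findings


# Constructed sample requests (not captured traffic).
BENIGN = b"PROCESS SPAMC/1.2\r\nUser: alice@example.com\r\nContent-length: 6\r\n\r\nhello\n"
SUSPECT = b"PROCESS SPAMC/1.2\r\nUser: alice;id\r\nContent-length: 6\r\n\r\nhello\n"

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, check_user_field(req) or "ok")
```

The same allowlist check can sit in a proxy or log pipeline in front of SPAMD while hosts are being upgraded; it does not replace the upgrade.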

Affected Products

SpamAssassin versions prior to 3.1.3
SpamAssassin versions prior to 3.0.6

Impact

System Compromise: Remote attackers can gain control of the vulnerable system.

Recommended Actions

Upgrade to the latest version, available from the web site:
SpamAssassin version 3.1.3 or 3.0.6:
http://spamassassin.apache.org/downloads.cgi?update=200606050750

CVE References

CVE-2006-2447