CVE Vulnerabilities

CVE-2007-2873

Published: Jun 11, 2007 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
1.9 LOW
AV:L/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.

Affected Software

Name Vendor Start Version End Version
Spamassassin Spamassassin 3.1.0 3.1.0
Spamassassin Spamassassin 3.1.1 3.1.1
Spamassassin Spamassassin 3.1.2 3.1.2
Spamassassin Spamassassin 3.1.3 3.1.3
Spamassassin Spamassassin 3.1.4 3.1.4
Spamassassin Spamassassin 3.1.5 3.1.5
Spamassassin Spamassassin 3.1.6 3.1.6
Spamassassin Spamassassin 3.1.7 3.1.7
Spamassassin Spamassassin 3.1.8 3.1.8
Spamassassin Spamassassin 3.1.9 3.1.9
Spamassassin Spamassassin 3.2.0 3.2.0
Spamassassin Spamassassin 3.2.1 3.2.1
Red Hat Enterprise Linux 4 RedHat spamassassin-0:3.1.9-1.el4 *
Red Hat Enterprise Linux 5 RedHat spamassassin-0:3.1.9-1.el5 *
Spamassassin Ubuntu dapper *
Spamassassin Ubuntu devel *
Spamassassin Ubuntu edgy *
Spamassassin Ubuntu feisty *
Spamassassin Ubuntu gutsy *
Spamassassin Ubuntu hardy *
Spamassassin Ubuntu intrepid *
Spamassassin Ubuntu jaunty *
Spamassassin Ubuntu karmic *

References