CVE-2006-2447

EPSS 75.8%

spamassassin - programming error

Published: 6/6/2006Modified: 4/28/2026

Also known as:DEBIAN-CVE-2006-2447

Description

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

Affected packages (2)

Debian/spamassassinfrom 0, < 3.1.3-1
Debian/spamassassinfrom 0, < 3.0.3-2sarge1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-2447