SpamAssassin prior to 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote malicious users to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache spamassassin 3.1.2 |
||
apache spamassassin 3.1.0 |
||
apache spamassassin 3.1.1 |