Mandriva Update For Spamassassin MDKSA-2007:125 (spamassassin) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

SpamAssassin 3.1.x, when running as root with unusual configuration options using vpopmail or virtual users, could allow local users to cause a denial of service (via corrupting arbitrary files) using a symlink attack on a file used by spamd. SpamAssassin 3.1.9, which corrects this flaw, is provided with this update.

Affected

spamassassin on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2007-2873

CVSS	Base Score: 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandriva Update for mutt MDKSA-2007:113 (mutt)
Mandriva Update for cifs-utils MDVSA-2012:069 (cifs-utils)
Mandriva Update for gnucash MDKSA-2007:046 (gnucash)
Mandriva Update for evolution MDVA-2010:047 (evolution)
Mandriva Update for wml MDVSA-2008:076 (wml)

Mandriva Update for spamassassin MDKSA-2007:125 (spamassassin)

Take action and discover your vulnerabilities