SpamAssassin Vpopmail and Paranoid Options Remote Command Execution Vulnerability

Release date: 2006-06-06
Last updated: 2006-06-06

Affected systems:
SpamAssassin SpamAssassin 3.1.x < 3.1.3
SpamAssassin SpamAssassin 3.0.x < 3.0.6
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop 4
RedHat Enterprise Linux AS 4
Unaffected systems:
SpamAssassin SpamAssassin 3.1.3
SpamAssassin SpamAssassin 3.0.6
Description:
BUGTRAQ ID: 18290
CVE(CAN) ID: CVE-2006-2447

SpamAssassin is a solution for filtering spam email.

A vulnerability exists in the way the SpamAssassin spamd daemon handles the virtual POP usernames passed to it. If a site runs spamd with the --vpopmail and --paranoid flags, a remote user who can connect to the spamd daemon can execute arbitrary commands with the privileges of the user account spamd runs as.
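As an added audit example (not code from the advisory or from the SpamAssassin project), the helper below flags a spamd instance as exposed to this issue only when both conditions above hold: its command line carries --vpopmail together with --paranoid, and the reported SpamAssassin version is below the fixed 3.0.6 / 3.1.3 release of its branch. The ps sample lines are constructed, and the short option forms -v/-P are taken from spamd(1), not from this page.

```python
# Audit helper for CVE-2006-2447 (constructed example, not advisory code):
# flag spamd only when --vpopmail AND --paranoid are set on an unfixed version.
import re
import shlex

# First fixed release per affected branch, as listed in the advisory.
FIXED_RELEASE = {(3, 0): (3, 0, 6), (3, 1): (3, 1, 3)}
# Long forms come from the advisory; the -v/-P aliases are from spamd(1).
VPOPMAIL_FLAGS = {"--vpopmail", "-v"}
PARANOID_FLAGS = {"--paranoid", "-P"}

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'SpamAssassin version 3.1.2'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no x.y.z version found in %r" % text)
    return tuple(int(p) for p in m.groups())

def version_is_affected(text):
    """True for 3.0.x below 3.0.6 and 3.1.x below 3.1.3; branches the
    advisory does not list are reported as not affected."""
    ver = parse_version(text)
    fixed = FIXED_RELEASE.get(ver[:2])
    return fixed is not None and ver < fixed

def has_risky_flags(cmdline):
    """True when a spamd command line enables both vpopmail and paranoid."""
    argv = shlex.split(cmdline)
    if not argv or not argv[0].endswith("spamd"):
        return False
    return bool(VPOPMAIL_FLAGS & set(argv)) and bool(PARANOID_FLAGS & set(argv))

def audit(ps_lines, version_text):
    """Return the spamd command lines matching the vulnerable condition."""
    if not version_is_affected(version_text):
        return []
    return [line for line in ps_lines if has_risky_flags(line)]

# Constructed sample resembling `ps -eo args` output on a mail host.
SAMPLE_PS = [
    "/usr/sbin/spamd --vpopmail --paranoid -d --pidfile=/var/run/spamd.pid",
    "/usr/sbin/spamd --vpopmail -d",
    "/usr/sbin/sshd",
]

if __name__ == "__main__":
    for hit in audit(SAMPLE_PS, "SpamAssassin version 3.1.2"):
        print("EXPOSED:", hit)
```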

Links:
        http://www.nabble.com/forum/ViewPost.jtp?post=4717572
        http://www.nabble.com/forum/ViewPost.jtp?post=4717543
        http://www.auscert.org.au/render.html?it=6373
        http://www.debian.org/security/2006/dsa-1090
        http://security.gentoo.org/glsa/glsa-200606-09.xml

Recommendations:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1090-1) and corresponding patches for this issue:
DSA-1090-1: New spamassassin packages fix remote command execution
Link: http://www.debian.org/security/2006/dsa-1090

Patch downloads (the package files and their MD5 checksums are listed in the Debian advisory linked above):


Patch installation:

1. Install the patch package manually:

  First, download the patch with the following command:
  # wget url  (url is the patch download link)

  Then, install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch package automatically with apt-get:

   First, update the local package database with the following command:
   # apt-get update

   Then, install the updated packages with the following command:
   # apt-get upgrade

RedHat
------
http://www.debian.org/security/2006/dsa-1090

Gentoo
------
Gentoo has released a security advisory (GLSA-200606-09) and corresponding patches for this issue:
GLSA-200606-09: SpamAssassin: Execution of arbitrary code
Link: http://security.gentoo.org/glsa/glsa-200606-09.xml

All SpamAssassin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.1.3"

SpamAssassin
------------
The vendor has released upgrade patches that fix this security issue; please download them from the vendor's homepage:

* SpamAssassin Mail-SpamAssassin-3.0.6.tar.gz
http://apache.mirror.rafal.ca/spamassassin/source/Mail-SpamAssassin-3.0.6.tar.gz

* SpamAssassin Mail-SpamAssassin-3.1.3.tar.gz
http://apache.mirror.rafal.ca/spamassassin/source/Mail-SpamAssassin-3.1.3.tar.gz

This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.