fkie_nvd - fkie_cve-2007-2873

fkie_cve-2007-2873

Vulnerability from fkie_nvd

Published

2007-06-11 23:30

Modified

2025-04-09 00:30

Severity ?

Summary

SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.

References

▶	URL	Tags
	secalert@redhat.com	http://osvdb.org/37234
	secalert@redhat.com	http://spamassassin.apache.org/advisories/cve-2007-2873.txt
	secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDKSA-2007:125
	secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2007-0492.html
	secalert@redhat.com	http://www.securityfocus.com/bid/24481
	secalert@redhat.com	http://www.securitytracker.com/id?1018242
	secalert@redhat.com	http://www.vupen.com/english/advisories/2007/2172
	secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/34864
	secalert@redhat.com	https://issues.rpath.com/browse/RPL-1450
	secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10354
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37234
	af854a3a-2127-422b-91ae-364da2661108	http://spamassassin.apache.org/advisories/cve-2007-2873.txt
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:125
	af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-0492.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24481
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018242
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2172
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34864
	af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-1450
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10354

Impacted products

Vendor	Product	Version
spamassassin	spamassassin	3.1.0
spamassassin	spamassassin	3.1.1
spamassassin	spamassassin	3.1.2
spamassassin	spamassassin	3.1.3
spamassassin	spamassassin	3.1.4
spamassassin	spamassassin	3.1.5
spamassassin	spamassassin	3.1.6
spamassassin	spamassassin	3.1.7
spamassassin	spamassassin	3.1.8
spamassassin	spamassassin	3.1.9
spamassassin	spamassassin	3.2.0
spamassassin	spamassassin	3.2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spamassassin:spamassassin:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F616F8E-1B02-426D-B374-626670FFEE24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spamassassin:spamassassin:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E97D6EBA-6DB9-4165-8BBB-17E9F49A6748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spamassassin:spamassassin:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C60F596-D3BA-42F6-BFD0-3A7F469449B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spamassassin:spamassassin:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "69E3D03E-5578-47AB-ACA7-51D792E36F27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spamassassin:spamassassin:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C481915-8F44-4D7F-AFA3-FE1CC4BD876D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spamassassin:spamassassin:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D21D3D-E250-49FE-9075-F2DBA57F5550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spamassassin:spamassassin:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F1CF488-8074-4AEA-B7DB-E966E7D23B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spamassassin:spamassassin:3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F92E7329-EA19-4FE5-AAD0-ACA3E7497766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spamassassin:spamassassin:3.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F0FD10-EFCA-46BD-ACD9-E04A0F65B5C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spamassassin:spamassassin:3.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA80E97B-6FD1-4655-9C29-302FA60C6345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spamassassin:spamassassin:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF487853-FE1A-47A8-8E60-8A6D2E0284E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spamassassin:spamassassin:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCF23DBD-FE7A-4940-8F6C-B13E5DDEFC7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd."
    },
    {
      "lang": "es",
      "value": "SpamAssassin 3.1.x, 3.2.0, y 3.2.1 anterior a 20070611, cuando funciona como root en configuraciones habituales utilizando usuarios vpopmail o virtuales, permite a usuarios locales provocar denegaci\u00f3n de servicio (archivos de su elecci\u00f3n corruptos) a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un fichero que es utlizada por spamd."
    }
  ],
  "id": "CVE-2007-2873",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-06-11T23:30:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/37234"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://spamassassin.apache.org/advisories/cve-2007-2873.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:125"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0492.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/24481"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1018242"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/2172"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34864"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-1450"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://spamassassin.apache.org/advisories/cve-2007-2873.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0492.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10354"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2007-2873 (GCVE-0-2007-2873)

Vulnerability from cvelistv5

Published

2007-06-11 23:00