Fluid Attacks Database

Description

SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	spamassassin	>=0 <3.2.1-1	3.2.1-1
debian 13	spamassassin	>=0 <3.2.1-1	3.2.1-1
debian 14	spamassassin	>=0 <3.2.1-1	3.2.1-1
debian 12	spamassassin	>=0 <3.2.1-1	3.2.1-1
rpm rhel5	spamassassin	<0:3.1.9-1.el5	0:3.1.9-1.el5

Aliases

1. CVE-2007-28732. NVD-2007-28733. OSV-DEBIAN-2007-28734. OSV-2007-28735. SECURITY-TRACKER-CVE-2007-2873

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.