CVE-2005-1515
Published: 24 May 2020
Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands.
From the Ubuntu Security Team
It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code.
Priority
Status
Package | Release | Status |
---|---|---|
netqmail Launchpad, Ubuntu, Debian |
bionic |
Released
(1.06-6.2~deb10u1build0.18.04.1)
|
focal |
Released
(1.06-6.2~deb10u1build0.20.04.1)
|
|
groovy |
Does not exist
|
|
trusty |
Released
(1.06-6.2~deb10u1build0.14.04.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(1.06-6.2, 1.6-6.2~deb10u1, 1.6-6.2~deb9u1, 1.6-6.2~deb8u1,,,)
|
|
xenial |
Released
(1.06-6.2~deb10u1build0.16.04.1)
|
|
qmail Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(1.03-38)
|
|
xenial |
Does not exist
|