FreeBSD Bugzilla – Attachment 214823 Details for Bug 245010
mail/qmail: Fixes CVE-2005-1513 to CVE-2005-1513, mail/qmail-tls and mail/qmail: Update TLS patch
vuxml entries for the cve
qmail-vuxml.xml (text/plain), 4.94 KB, created by Dirk Engling on 2020-05-24 23:25:39 UTC
<vuln vid="8db2f8b2-9e12-11ea-9e83-0cc47ac16c9d">
  <topic>qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests</topic>
  <affects>
    <package>
      <name>netqmail</name>
      <range><le>1.06_4</le></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Georgi Guninski writes:</p>
      <blockquote cite="http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html">
        <p>There are several issues with qmail on 64 bit platforms - classical integer overflow, pointer with signed index and signedness problem (not counting the memory consumption dos, which just helps).</p>
        <p>Update: the problem with the signed index is exploitable on FreeBSD 5.4 amd64 with a lot of virtual memory.</p>
      </blockquote>
      <p>The National Vulnerability Database summarizes:</p>
      <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2005-1513">
        <p>Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <url>http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html</url>
    <url>https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt</url>
    <cvename>CVE-2005-1513</cvename>
    <cvename>CVE-2005-1514</cvename>
    <cvename>CVE-2005-1515</cvename>
  </references>
  <dates>
    <discovery>2005-05-06</discovery>
    <entry>2005-05-11</entry>
  </dates>
</vuln>

<vuln vid="b495af21-9e10-11ea-9e83-0cc47ac16c9d">
  <topic>qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests</topic>
  <affects>
    <package>
      <name>netqmail-tls</name>
      <range><le>1.06.20160918_2</le></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Georgi Guninski writes:</p>
      <blockquote cite="http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html">
        <p>There are several issues with qmail on 64 bit platforms - classical integer overflow, pointer with signed index and signedness problem (not counting the memory consumption dos, which just helps).</p>
        <p>Update: the problem with the signed index is exploitable on FreeBSD 5.4 amd64 with a lot of virtual memory.</p>
      </blockquote>
      <p>The National Vulnerability Database summarizes:</p>
      <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2005-1513">
        <p>Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <url>http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html</url>
    <url>https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt</url>
    <cvename>CVE-2005-1513</cvename>
    <cvename>CVE-2005-1514</cvename>
    <cvename>CVE-2005-1515</cvename>
  </references>
  <dates>
    <discovery>2005-05-06</discovery>
    <entry>2005-05-11</entry>
  </dates>
</vuln>

<vuln vid="d6540411-9e10-11ea-9e83-0cc47ac16c9d">
  <topic>qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests</topic>
  <affects>
    <package>
      <name>netqmail-mysql</name>
      <range><le>1.06.1.1.15_1</le></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Georgi Guninski writes:</p>
      <blockquote cite="http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html">
        <p>There are several issues with qmail on 64 bit platforms - classical integer overflow, pointer with signed index and signedness problem (not counting the memory consumption dos, which just helps).</p>
        <p>Update: the problem with the signed index is exploitable on FreeBSD 5.4 amd64 with a lot of virtual memory.</p>
      </blockquote>
      <p>The National Vulnerability Database summarizes:</p>
      <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2005-1513">
        <p>Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <url>http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html</url>
    <url>https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt</url>
    <cvename>CVE-2005-1513</cvename>
    <cvename>CVE-2005-1514</cvename>
    <cvename>CVE-2005-1515</cvename>
  </references>
  <dates>
    <discovery>2005-05-06</discovery>
    <entry>2005-05-11</entry>
  </dates>
</vuln>