Lucene search

Gentoo FoundationGLSA-200608-06

HistoryAug 04, 2006 - 12:00 a.m.

Courier MTA: Denial of Service vulnerability

2006-08-0400:00:00

Gentoo Foundation

security.gentoo.org

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.086 Low

EPSS

Percentile

94.4%

JSON

Background

Courier MTA is an integrated mail and groupware server based on open protocols.

Description

Courier MTA has fixed a security issue relating to usernames containing the “=” character, causing high CPU utilization.

Impact

An attacker could exploit this vulnerability by sending a specially crafted email to a mail gateway running a vulnerable version of Courier MTA.

Workaround

There is no known workaround at this time.

Resolution

All Courier MTA users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=mail-mta/courier-0.53.2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmail-mta/courier< 0.53.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	mail-mta/courier	< 0.53.2	UNKNOWN

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.086 Low

EPSS

Percentile

94.4%

JSON

Related for GLSA-200608-06