Debian DSA-784-1 : courier - programming error

2005-08-3000:00:00

www.tenable.com

A problem has been discovered in the Courier Mail Server. DNS failures were not handled properly when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
The default configuration on Debian has SPF checking disabled, so most machines are not vulnerable. This is explained in the ‘courier’ manpage, section SENDER POLICY FRAMEWORK KEYWORDS.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-784. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(19527);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2005-2151");
  script_xref(name:"DSA", value:"784");

  script_name(english:"Debian DSA-784-1 : courier - programming error");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A problem has been discovered in the Courier Mail Server. DNS failures
were not handled properly when looking up Sender Policy Framework
(SPF) records, which could allow attackers to cause memory corruption.
The default configuration on Debian has SPF checking disabled, so most
machines are not vulnerable. This is explained in the 'courier'
manpage, section SENDER POLICY FRAMEWORK KEYWORDS."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320290"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-784"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the courier-mta package.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 0.47-4sarge1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:courier");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/30");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/07/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"courier-authdaemon", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-authmysql", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-authpostgresql", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-base", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-doc", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-faxmail", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-imap", reference:"3.0.8-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-imap-ssl", reference:"3.0.8-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-ldap", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-maildrop", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-mlm", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-mta", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-mta-ssl", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-pcp", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-pop", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-pop-ssl", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-ssl", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"courier-webadmin", reference:"0.47-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"sqwebmail", reference:"0.47-4sarge1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxcourierp-cpe:/a:debian:debian_linux:courier
debiandebian_linux3.1cpe:/o:debian:debian_linux:3.1

Vendor	Product	Version	CPE
debian	debian_linux	courier	p-cpe:/a:debian:debian_linux:courier
debian	debian_linux	3.1	cpe:/o:debian:debian_linux:3.1

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=320290

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2151

www.debian.org/security/2005/dsa-784

JSON

Related for DEBIAN_DSA-784.NASL