Double Precision Courier MTA Invalid Year DoS

2002-05-31T00:00:00
ID OSVDB:5052
Type osvdb
Reporter ZARAZA(zaraza@security.nnov.ru)
Modified 2002-05-31T00:00:00

Description

Vulnerability Description

Courier MTA contains a flaw that may allow a remote denial of service. The issue is triggered when the MTA enters in a loop situation while processing date formats with unusually large years, and will result in loss of availability for the service.

Solution Description

Upgrade to version 0.38.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Courier MTA contains a flaw that may allow a remote denial of service. The issue is triggered when the MTA enters in a loop situation while processing date formats with unusually large years, and will result in loss of availability for the service.

References:

Vendor URL: http://www.courier-mta.org Other Advisory URL: http://www.security.nnov.ru/advisories/courier.asp Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-05/0295.html Keyword: smtp ISS X-Force ID: 9228 Generic Informational URL: http://cvs.sourceforge.net/viewcvs.py/checkout/courier/courier/courier/ChangeLog?content-type=text%2Fplain&rev=1.379 Generic Informational URL: http://sourceforge.net/project/shownotes.php?release_id=93065 CVE-2002-0914 Bugtraq ID: 4908