Advisory ROSA-SA-2021-1954
Software: postfix 2.10.1; OS: Cobalt 7.9; CVE-ID: CVE-2017-10140; CVE-Crit: HIGH; CVE-DESC: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 may allow local users to gain privileges using undocumented features in Berkeley DB 2.x and later related to reading...
CVE-2021-35525
PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...
DEBIAN-CVE-2021-35525
PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...
Race condition
PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...
UBUNTU-CVE-2021-35525
PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...
CVE-2021-35525
CVE-2021-35525 concerns PostSRSd prior to 1.11. The vulnerability causes a denial of service (subprocess hang) when Postfix sends certain long data fields, such as multiple concatenated email addresses. The issue originates from PostSRSd itself, described as a security bug, with uncertainty about...
Roehling PostSRSd security vulnerability
Roehling PostSRSd is a C-based program by the individual developer Roehling that provides reverse SRS functionality for mail servers. PostSRSd suffers from a denial of service vulnerability that stems from a problem caused by Postfix sending certain long data fields, such as email addresses for...
postfix bug fix and enhancement update
An update is available for postfix. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...
postfix bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
[SECURITY] Fedora 33 Update: spamassassin-3.4.5-1.fc33
SpamAssassin provides you with a way to reduce, if not completely eliminate, Unsolicited Commercial Email (SPAM) from your incoming email. It can be invoked by an MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring...
Lightmeter ControlCenter security vulnerability
Lightmeter ControlCenter is an open source application from Lightmeter: a monitoring and analysis system for Postfix mail servers. A security vulnerability exists in Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1, which stems from the fact that anyone who knows the URL of a publicly...
postfix bug fix and enhancement update
The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS. Bug Fixes and Enhancements: backport TLS 1.3 support to postfix 3.3.1 as provided in 3.3.2 (BZ1919233)...
USN-4730-1: PostSRSd vulnerability
It was discovered that PostSRSd mishandled certain input. A remote attacker could use this vulnerability to cause a denial of service via a long timestamp tag in an SRS address...
Debian DLA-2502-1 : postsrsd security update
A potential denial of service attack through malicious timestamp tags was fixed in PostSRSd, a Sender Rewriting Scheme (SRS) lookup table for Postfix. For Debian 9 "stretch", this problem has been fixed in version 1.4-1+deb9u1. We recommend that you upgrade your postsrsd packages. For the detailed...
PortSwigger Web Security: SMTP interaction theft via MITM
See http://www.postfix.org/CVE-2011-0411.html for a detailed description. Impact: MitM could obtain user credentials...
CVE-2020-12063
For some Postfix configurations, a remote user can send e-mails pretending to be someone else, or even using a non-existing user name with some homoglyph characters. One of the discussed problems is that the Postfix params "smtpd_sender_login_maps" and "smtpd_sender_restrictions" look useless because...
postfix.1071664.n5.nabble.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1181435. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...