[SECURITY] [DSA 1042-1] New Cyrus SASL packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 1042-1 [email protected] http://www.debian.org/security/ Martin Schulze April 25th, 2006 http://www.debian.org/security/faq -...

[Full-disclosure] [MU-200604-01] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service MU-200604-01 April 7, 2006 http://labs.musecurity.com/advisories.html Affected Product/Versions: cyrus-sasl-2.1.18 Product Overview: SASL Simple Authentication Security Layer is an Internet...

SUSE-SA:2006:017: sendmail

The remote host is missing the patch for the advisory SUSE-SA:2006:017 sendmail. The popular MTA sendmail is vulnerable to a race condition when handling signals. Under certain circumstances this bug can be exploited by an attacker to execute commands remotely. Sendmail was the default MTA in SuS...

Ubuntu 4.10 : postfix vulnerability (USN-74-2)

This is an update to the recently published Ubuntu Security Notice USN-74-1, which fixed the delivery of arbitrary mail to any MX host which has an IPv6 address. Unfortunately that upgrade revealed an error in the package upgrade system which caused package installation to fail. After the failed...

Ubuntu 4.10 : postfix vulnerability (USN-74-1)

Jean-Samuel Reynaud noticed a programming error in the IPv6 handling code of Postfix when /proc/net/ifinet6 is not available which is the case in Ubuntu since Postfix runs in a chroot. If 'permitmxbackup' was enabled in the 'smtpdrecipientrestrictions', Postfix turned into an open relay, i. e...

CVE-2005-0337

Postfix 2.1.3, when /proc/net/ifinet6 is not available and permitmxbackup is enabled in smtpdrecipientrestrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname...

CVE-2005-0337

Postfix 2.1.3, when /proc/net/ifinet6 is not available and permitmxbackup is enabled in smtpdrecipientrestrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname...

DEBIAN-CVE-2005-0337

Postfix 2.1.3, when /proc/net/ifinet6 is not available and permitmxbackup is enabled in smtpdrecipientrestrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname...

CVE-2005-1127

Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server Postgrey 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service crash via format string specifiers that are not properly handl...

CVE-2005-0337

Postfix 2.1.3, when /proc/net/ifinet6 is not available and permitmxbackup is enabled in smtpdrecipientrestrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname...

gld / postgrey antispam greylisting daemon for Postfix multiple vulnerabilities

Multiple buffer overflows, format string bugs...

CVE-2005-1127

Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server Postgrey 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service crash via format string specifiers that are not properly handl...

CVE-2005-1127

CVE-2005-1127 covers a format-string vulnerability in the log function of the perl-Net-Server module (versions ≤ 0.87) as used by Postfix Greylisting Policy Server (Postgrey) ≤ 1.18. The issue arises from format specifiers not being properly handled before sending to syslog, allowing remote attac...

CVE-2004-1088

Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information...

CVE-2004-1088

Postfix server for Apple Mac OS X 10.3.6 vulnerable when using CRAM-MD5: remote attackers can send mail without authentication by replaying authentication information. Reported CVSSv2 base score 7.5 (HIGH) with network attack vector and low attack complexity. The provided documents do not specify...

gld 1.4 (Postfix Greylisting Daemon) Remote Format String Exploit

Exploit for linux platform in category remote exploits ================================================================= gld 1.4 Postfix Greylisting Daemon Remote Format String Exploit ================================================================= / 0x82-meOw-linuxerforever - gld 1.4 remote...

GLD (Greylisting daemon for Postfix) multiple vulnerabilities.

======================================== INetCop Security Advisory 2005-0x82-026 ======================================== Title: GLD Greylisting daemon for Postfix multiple vulnerabilities. 0x01. Description About: Gld is a standalone greylisting server for Postfix. Greylisting is a new weapon to...

gld 1.4 - Postfix Greylisting Daemon Remote Format String

/ 0x82-meOw-linuxerforever - gld 1.4 remote overflow format string exploit. c 2005 Team INetCop Security. Nickname of this code is, Kill two bird with one stone.' or, One shot, two kill!.' hehehe ;-D Advisory URL: http://x82.inetcop.org/h0me/adv1sor1es/INCSA.2005-0x82-026-GLD.txt It's as well as...

Salim Gasmi GLD 1.0 - 1.4 Postfix Greylisting Buffer Overflow

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

Salim Gasmi GLD (Greylisting Daemon) 1.0 1.4 - Postfix Greylisting Buffer Overflow (Metasploit)

Salim Gasmi GLD Greylisting Daemon 1.0 1.4 - Postfix Greylisting Buffer Overflow Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...