Salim Gasmi GLD (Greylisting Daemon) 1.x - Postfix Greylisting Daemon Buffer Overflow

// source: https://www.securityfocus.com/bid/13129/info It is reported that GLD contains a buffer overflow vulnerability. This issue is due to a failure of the application to properly ensure that a fixed-size memory buffer is sufficiently large prior to copying user-supplied input data into it...

Salim Gasmi GLD (Greylisting Daemon) 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'GLD...

security flaw

Postfix 2.1.3, when /proc/net/ifinet6 is not available and permitmxbackup is enabled in smtpdrecipientrestrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname...

Low: Red Hat Security Advisory: postfix security update

Updated postfix packages that include a security fix and two other bug fixes are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, and...

RHEL 4 : postfix (RHSA-2005:152)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2005:152 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, and TLS. A flaw was found in the ipv6 patch used with Postfix. When the file...

CVE-2005-0337

Postfix 2.1.3, when /proc/net/ifinet6 is not available and permitmxbackup is enabled in smtpdrecipientrestrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname...

CVE-2005-0337

CVE-2005-0337 affects Postfix 2.1.3 where, if /proc/net/if_inet6 is unavailable and permit_mx_backup is enabled in smtpd_recipient_restrictions, remote attackers can bypass email restrictions and perform mail relaying by delivering to an IPv6 hostname. The issue is a flaw in the IPv6 handling pat...

CVE-2005-0337

Postfix 2.1.3, when /proc/net/ifinet6 is not available and permitmxbackup is enabled in smtpdrecipientrestrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname...

USN-74-2: Fixed Postfix packages for USN-74-1

This is an update to the recently published Ubuntu Security Notice USN-74-1, which fixed the delivery of arbitrary mail to any MX host which has an IPv6 address. Unfortunately that upgrade revealed an error in the package upgrade system which caused package installation to fail. After the failed...

Postfix mail server IPv6 configuration unauthorized mail relaying

In specific configurations, for example if ran in chroot environment on IPv6 network, message relaying is not limited allowing relay to be used for SPAM sending...

[Full-Disclosure] [USN-74-1] Postfix vulnerability

=========================================================== Ubuntu Security Notice USN-74-1 February 04, 2005 postfix vulnerability http://bugs.debian.org/267837 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 Warty...

USN-74-1: Postfix vulnerability

Jean-Samuel Reynaud noticed a programming error in the IPv6 handling code of Postfix when /proc/net/ifinet6 is not available which is the case in Ubuntu since Postfix runs in a chroot. If "permitmxbackup" was enabled in the "smtpdrecipientrestrictions", Postfix turned into an open relay, i. e...

CVE-2004-0925

Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate...

CVE-2004-1113

SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the 1 sender or 2 recipient e-mail addresses...

DEBIAN-CVE-2004-1113

SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the 1 sender or 2 recipient e-mail addresses...

CVE-2004-1088

Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information...

CVE-2004-1113

SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the 1 sender or 2 recipient e-mail addresses...

CVE-2004-1113

CVE-2004-1113 affects the SQLgrey Postfix greylisting service, specifically versions before 1.2.0. The vulnerability is a SQL injection in which an attacker can cause arbitrary SQL commands to be executed via the (1) sender and (2) recipient e‑mail addresses. The root cause is untrusted input bei...

CVE-2004-1113

SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the 1 sender or 2 recipient e-mail addresses...

[SA13135] SQLgrey Postfix greylisting service Unspecified SQL Injection

---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l...