[SECURITY] [DSA 1155-1] New sendmail packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 1155-1 [email protected] http://www.debian.org/security/ Martin Schulze August 24th, 2006 http://www.debian.org/security/faq -...

Sendmail multipart messages DoS

High recurscion level in multipart MIME messages causes stack overflow exhaustion, not overrun...

Sendmail: Denial of service

Background Sendmail is a popular mail transfer agent MTA. Description Frank Sheiness discovered that the mime8to7 function can recurse endlessly during the decoding of multipart MIME messages until the stack of the process is filled and the process crashes. Impact By sending specially crafted...

security flaw

Linux SCTP lksctp before 2.6.17 allows remote attackers to cause a denial of service infinite recursion and crash via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the...

recursion causes OOM with bad DN in dn2ancestor

dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service CPU and memory consumption via a ModDN operation with a DN that contains a large number of "," comma characters, which results in a large amount of recursion, as demonstrated usin...

Design/Logic Flaw

Linux SCTP lksctp before 2.6.17 allows remote attackers to cause a denial of service infinite recursion and crash via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the...

CVE-2006-2274

Linux SCTP lksctp before 2.6.17 allows remote attackers to cause a denial of service infinite recursion and crash via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the...

Code injection

Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause 1 a buffer over-read or 2 infinite recursion, which can trigger a segmentation fault or invalid memory access, ...

Code injection

TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service infinite recursion leading to CPU and memory consumption via INCLUDE by URL statements that form a loop, such as a page that includes itself...

CVE-2006-1387

TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service infinite recursion leading to CPU and memory consumption via INCLUDE by URL statements that form a loop, such as a page that includes itself...

CVE-2006-0452

CVE-2006-0452 affects the LDAP component of Fedora Directory Server 1.0, where a ModDN operation with a DN containing a large number of commas can trigger excessive recursion and cause a denial of service (CPU/memory). The vulnerability is exploited remotely by connecting to the directory server ...

CVE-2006-0118

Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service deep recursion leading to stack overflow and crash via long formulas...

DEBIAN-CVE-2005-3239

The OLE2 unpacker in clamd in Clam AntiVirus ClamAV 0.87-1 allows remote attackers to cause a denial of service segmentation fault via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2walkpropertytree function...

CVE-2005-3239

The OLE2 unpacker in clamd in Clam AntiVirus ClamAV 0.87-1 allows remote attackers to cause a denial of service segmentation fault via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2walkpropertytree function...

Debian DSA-771-1 : pdns - several vulnerabilities

Several problems have been discovered in pdns, a versatile nameserver that can lead to a denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2301 Norbert Sendetzky and Jan de Groot discovered that the LDAP backend did not properly...

CVE-2005-2302

PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion...

CVE-2005-2302

PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion...

DEBIAN-CVE-2005-2302

PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion...

CVE-2005-2302

PowerDNS before 2.9.18 is affected by CVE-2005-2302. When the server is configured to allow recursion to a restricted IP range, it does not properly handle queries from clients that are denied recursion, which can cause a temporary blanking of answers for clients that are permitted to recurse. Th...

CVE-2005-2302

PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion...