256 matches found
Qualys Security Advisory - OpenSMTPD Audit Report
Sorry for the "CVE-2015-ABCD" place-holders in the report, but OpenSMTPD's developers were ready with the patches before MITRE was ready with the CVE-IDs. Qualys Security Advisory OpenSMTPD Audit Report ======================================================================== Contents...
OpenSMTPD multiple security vulnerabilities
DoS conditions, information disclosure, multiple memory corruptions...
opensmtpd: multiple issues
an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory - multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD - a stack-based buffer overflow that allows local users to crash OpenSMTPD, or execute...
FreeBSD : OpenSMTPD -- multiple vulnerabilities (42852f72-6bd3-11e5-9909-002590263bf5)
OpenSMTPD developers report : fix an mda buffer truncation bug which allows a user to create forward files that pass session checks but fail delivery later down the chain, within the user mda fix remote buffer overflow in unprivileged pony process reworked offline enqueue to better protect agains...
OpenSMTPD Remotely triggerable buffer overflow Vulnerability
Exploit for openbsd platform in category remote exploits I'm passing the gauntlet for anyone who wants to analyze this for impact etc. There's a remotely triggerable buffer overflow in OpenBSD's OpenSMTPD -- the latest version, 5.7.2 -- reachable by sending messages with huge header lines. Qualys...
FreeBSD : OpenSMTPD -- multiple vulnerabilities (ee7bdf7f-11bb-4eea-b054-c692ab848c20)
OpenSMTPD developers report : an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD a stack-based buffer overflow that allows local users to crash...
OpenSMTPD -- multiple vulnerabilities
OpenSMTPD developers report: fix an mda buffer truncation bug which allows a user to create forward files that pass session checks but fail delivery later down the chain, within the user mda fix remote buffer overflow in unprivileged pony process reworked offline enqueue to better protect against...
OpenSMTPD -- multiple vulnerabilities
OpenSMTPD developers report: an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD a stack-based buffer overflow that allows local users to crash...
CVE-2013-2125
OpenSMTPD is affected when running versions before 5.3.2, where SSL session handling allows remote attackers to cause a denial of service by keeping a TLS connection open, leading to connection blocking. The issue is confirmed across multiple sources (OpenSMTPD/OpenVAS listing and CVE-2013-2125 r...
CVE-2013-2125
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service connection blocking by keeping a connection open...
CVE-2013-2125
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service connection blocking by keeping a connection open...
CVE-2013-2125
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service connection blocking by keeping a connection open...
CVE-2013-2125
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service connection blocking by keeping a connection open...
DEBIAN-CVE-2013-2125
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service connection blocking by keeping a connection open...
Open redirect
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service connection blocking by keeping a connection open...
OpenSMTPD TLS Blocking Socket Remote DoS
The remote OpenSMTPD mail server has a flaw that could result in further connections to it being blocked when a client holds open a TLS connection. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid66586;...