28 matches found
CVE-2012-0070
spamdyke prior to 4.2.1: STARTTLS reveals plaintext...
Code injection
spamdyke prior to 4.2.1: STARTTLS reveals plaintext...
CVE-2012-0070
CVE-2012-0070 concerns spamdyke prior to 4.2.1, where the TLS upgrade path after STARTTLS does not properly clear transport buffers, allowing insertion of arbitrary plaintext during the plaintext phase (e.g., SMTP commands). The vulnerability is triggered during the plaintext-to-TLS transition an...
Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
Multiple vendors SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.103935");...
CVE-2012-0802
Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to "serious errors in the usage of snprintf/vsnprintf" in which the return values may be larger than the size of the buffer...
Buffer overflow
Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to "serious errors in the usage of snprintf/vsnprintf" in which the return values may be larger than the size of the buffer...
CVE-2012-0802
Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to "serious errors in the usage of snprintf/vsnprintf" in which the return values may be larger than the size of the buffer...
CVE-2012-0802
CVE-2012-0802 concerns Spamdyke before 4.3.0, where boundary errors in the use of snprintf()/vsnprintf may cause a buffer overflow. This could allow a remote attacker to execute arbitrary code or impact availability/DoS. The publicly documented fix is to upgrade to Spamdyke ≥ 4.3.0. The vulnerabi...
Gentoo Security Advisory GLSA 201203-01 (spamdyke)
The remote host is missing updates announced in advisory GLSA 201203-01. OpenVAS Vulnerability Test Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 201203-01 (spamdyke)
The remote host is missing updates announced in advisory GLSA 201203-01. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
GLSA-201203-01 : spamdyke: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201203-01 spamdyke: Arbitrary code execution Boundary errors related to the 'snprintf' and 'vsnprintf' functions in spamdyke could cause a buffer overflow. Impact : A remote attacker could possibly execute arbitrary code or cause ...
spamdyke: Arbitrary code execution
Background spamdyke is a drop-in connection-time spam filter for qmail. Description Boundary errors related to the "snprintf" and "vsnprintf" functions in spamdyke could cause a buffer overflow. Impact A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Workaroun...
FreeBSD Ports: spamdyke
The remote host is missing an update to the system as announced in the referenced advisory. VID a47af810-3a17-11e1-a1be-00e0815b8da8 OpenVAS Vulnerability Test Description: Auto generated from VID a47af810-3a17-11e1-a1be-00e0815b8da8 Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
FreeBSD Ports: spamdyke
The remote host is missing an update to the system as announced in the referenced advisory. VID 7d2336c2-4607-11e1-9f47-00e0815b8da8 OpenVAS Vulnerability Test Description: Auto generated from VID 7d2336c2-4607-11e1-9f47-00e0815b8da8 Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
FreeBSD Ports: spamdyke
The remote host is missing an update to the system as announced in the referenced advisory. Copyright (C) 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...
FreeBSD Ports: spamdyke
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : spamdyke -- Buffer Overflow Vulnerabilities (7d2336c2-4607-11e1-9f47-00e0815b8da8)
Secunia reports: Fixed a number of very serious errors in the usage of snprintf/vsnprintf. The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that could be printed if the buffer were of infinite size...
FreeBSD : spamdyke -- STARTTLS Plaintext Injection Vulnerability (a47af810-3a17-11e1-a1be-00e0815b8da8)
Secunia reports: The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the 'STARTTLS' command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the...
spamdyke -- STARTTLS Plaintext Injection Vulnerability
Secunia reports: The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the...
FreeBSD Ports: spamdyke
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...