1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • netqmail vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, September 29, 2020 12:10:10
    netqmail vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS

    Summary

    netqmail could be made to crash or run programs as any user
    (except root) if it received specially crafted network traffic.

    Software Description

    * netqmail - a secure, reliable, efficient, simple message
    transfer agent

    Details

    It was discovered that netqmail did not properly handle certain
    input. Both remote and local attackers could use this
    vulnerability to cause netqmail to crash or execute arbitrary
    code. (CVE-2005-1513, CVE-2005-1514, CVE-2005-1515)

    It was discovered that netqmail did not properly handle certain
    input when validating email addresses. An attacker could use this
    to bypass email address validation. (CVE-2020-3811)

    It was discovered that netqmail did not properly handle certain
    input when validating email addresses. An attacker could use this
    vulnerability to cause netqmail to disclose sensitive information.
    (CVE-2020-3812)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    qmail - 1.06-6.2~deb10u1build0.20.04.1
    qmail-uids-gids - 1.06-6.2~deb10u1build0.20.04.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2005-1513
    * CVE-2005-1514
    * CVE-2005-1515
    * CVE-2020-3811
    * CVE-2020-3812

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)