MidnightBSD

Advisories for courier-mta

CVE-2008-2667 MEDIUM

SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
courier-mta courtier-authlib 0.53
courier-mta courtier-authlib 0.59
courier-mta courtier-authlib 0.58
courier-mta courtier-authlib 0.60.3
courier-mta courtier-authlib 0.60.4
courier-mta courtier-authlib 0.54
courier-mta courtier-authlib 0.59.3
courier-mta courtier-authlib 0.60.1
courier-mta courtier-authlib 0.60.5
courier-mta courtier-authlib 0.56
courier-mta courtier-authlib 0.57
courier-mta courtier-authlib 0.60
courier-mta courtier-authlib 0.55
courier-mta courtier-authlib 0.59.1
courier-mta courtier-authlib 0.60.2
courier-mta courtier-authlib 0.59.2
courier-mta courtier-authlib 0.52
CVE-2021-38084 MEDIUM

An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
courier-mta courier_mail_server *