Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| double_precision_incorporated | courier_mta | 0.38.1 |
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| double_precision_incorporated | courier_mta | 0.37.3 |
| double_precision_incorporated | courier_mta | 0.40 |
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| double_precision_incorporated | courier_mta | 0.37.3 |
| inter7 | courier-imap | 1.6 |
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| double_precision_incorporated | courier_mta | 0.44.2 |
| double_precision_incorporated | sqwebmail | 3.6.1 |
| double_precision_incorporated | courier_mta | 0.44 |
| double_precision_incorporated | sqwebmail | 3.6.2 |
| double_precision_incorporated | sqwebmail | 3.6_.0 |
| inter7 | courier-imap | 2.1 |
| inter7 | courier-imap | 2.1.1 |
| inter7 | courier-imap | 2.1.2 |
| inter7 | courier-imap | 2.2.1 |
| double_precision_incorporated | courier_mta | 0.43.2 |
| gentoo | linux | 1.4 |
| inter7 | courier-imap | 2.0.0 |
| double_precision_incorporated | courier_mta | 0.43 |
| double_precision_incorporated | sqwebmail | 3.5.2 |
| inter7 | courier-imap | 1.7 |
| inter7 | courier-imap | 1.6 |
| double_precision_incorporated | courier_mta | 0.43.1 |
| double_precision_incorporated | sqwebmail | 3.5.3 |
| inter7 | courier-imap | 2.2.0 |
spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| double_precision_incorporated | courier_mail_server | 0.47 |
| double_precision_incorporated | courier_mail_server | 0.48.1 |
| double_precision_incorporated | courier_mail_server | 0.48.2 |
| double_precision_incorporated | courier_mail_server | 0.49.0 |
| double_precision_incorporated | courier_mail_server | 0.46 |
| double_precision_incorporated | courier_mail_server | 0.48 |
| double_precision_incorporated | courier_mail_server | 0.50.0 |
authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| double_precision_incorporated | courier_mail_server | 0.47 |
| double_precision_incorporated | courier_mail_server | 0.48.1 |
| double_precision_incorporated | courier_mail_server | 0.48.2 |
| double_precision_incorporated | courier_mail_server | 0.49.0 |
| double_precision_incorporated | courier_mail_server | 0.46 |
| double_precision_incorporated | courier_mail_server | 0.48 |
| double_precision_incorporated | courier_mail_server | 0.50.0 |
| double_precision_incorporated | courier_mail_server | 0.37.3 |
| double_precision_incorporated | courier_mail_server | 0.52.1 |
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| double_precision_incorporated | courier_mta | 0.44 |
| double_precision_incorporated | courier_mta | 0.38.1 |
| double_precision_incorporated | courier_mta | 0.43 |
| double_precision_incorporated | courier_mta | 0.37.3 |
| double_precision_incorporated | courier_mta | 0.43.1 |
| double_precision_incorporated | courier_mta | 0.40 |
| double_precision_incorporated | courier_mta | * |
| double_precision_incorporated | courier_mta | 0.43.2 |