MidnightBSD

Advisories for double_precision_incorporated

CVE-2002-0914 MEDIUM

Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
double_precision_incorporated courier_mta 0.38.1
CVE-2002-1311 MEDIUM

Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
double_precision_incorporated courier_mta 0.37.3
double_precision_incorporated courier_mta 0.40
CVE-2003-0040 HIGH

SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
double_precision_incorporated courier_mta 0.37.3
inter7 courier-imap 1.6
CVE-2004-0224 HIGH

Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
double_precision_incorporated courier_mta 0.44.2
double_precision_incorporated sqwebmail 3.6.1
double_precision_incorporated courier_mta 0.44
double_precision_incorporated sqwebmail 3.6.2
double_precision_incorporated sqwebmail 3.6_.0
inter7 courier-imap 2.1
inter7 courier-imap 2.1.1
inter7 courier-imap 2.1.2
inter7 courier-imap 2.2.1
double_precision_incorporated courier_mta 0.43.2
gentoo linux 1.4
inter7 courier-imap 2.0.0
double_precision_incorporated courier_mta 0.43
double_precision_incorporated sqwebmail 3.5.2
inter7 courier-imap 1.7
inter7 courier-imap 1.6
double_precision_incorporated courier_mta 0.43.1
double_precision_incorporated sqwebmail 3.5.3
inter7 courier-imap 2.2.0
CVE-2005-2151 MEDIUM

spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
double_precision_incorporated courier_mail_server 0.47
double_precision_incorporated courier_mail_server 0.48.1
double_precision_incorporated courier_mail_server 0.48.2
double_precision_incorporated courier_mail_server 0.49.0
double_precision_incorporated courier_mail_server 0.46
double_precision_incorporated courier_mail_server 0.48
double_precision_incorporated courier_mail_server 0.50.0
CVE-2005-3532 HIGH

authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
double_precision_incorporated courier_mail_server 0.47
double_precision_incorporated courier_mail_server 0.48.1
double_precision_incorporated courier_mail_server 0.48.2
double_precision_incorporated courier_mail_server 0.49.0
double_precision_incorporated courier_mail_server 0.46
double_precision_incorporated courier_mail_server 0.48
double_precision_incorporated courier_mail_server 0.50.0
double_precision_incorporated courier_mail_server 0.37.3
double_precision_incorporated courier_mail_server 0.52.1
CVE-2006-2659 HIGH

libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
double_precision_incorporated courier_mta 0.44
double_precision_incorporated courier_mta 0.38.1
double_precision_incorporated courier_mta 0.43
double_precision_incorporated courier_mta 0.37.3
double_precision_incorporated courier_mta 0.43.1
double_precision_incorporated courier_mta 0.40
double_precision_incorporated courier_mta *
double_precision_incorporated courier_mta 0.43.2