USN-4556-1: netqmail vulnerabilities
29 September 2020
netqmail could be made to crash or run programs as any user (except root) if it received specially crafted network traffic.
Releases
Packages
- netqmail - a secure, reliable, efficient, simple message transfer agent
Details
It was discovered that netqmail did not properly handle certain input. Both
remote and local attackers could use this vulnerability to cause netqmail
to crash or execute arbitrary code. (CVE-2005-1513, CVE-2005-1514,
CVE-2005-1515)
It was discovered that netqmail did not properly handle certain input when
validating email addresses. An attacker could use this to bypass email
address validation. (CVE-2020-3811)
It was discovered that netqmail did not properly handle certain input when
validating email addresses. An attacker could use this vulnerability to
cause netqmail to disclose sensitive information. (CVE-2020-3812)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
In general, a standard system update will make all the necessary changes.
Related notices
- USN-4621-1: qmail-uids-gids, netqmail, qmail