CVE-2005-1513

Published: 24 May 2020

Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.

From the Ubuntu security team

It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code.

Priority

Medium

Status

Package Release Status
netqmail
Launchpad, Ubuntu, Debian
Upstream
Released (1.06-6.2, 1.6-6.2~deb10u1, 1.6-6.2~deb9u1, 1.6-6.2~deb8u1,,,)
Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa)
Released (1.06-6.2~deb10u1build0.20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

qmail
Launchpad, Ubuntu, Debian
Upstream
Released (1.03-38)
Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist