CVE-2005-1514
Published: 24 May 2020
commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index.
From the Ubuntu Security Team
It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code.
Priority
Status
Package | Release | Status |
---|---|---|
netqmail Launchpad, Ubuntu, Debian |
bionic |
Released
(1.06-6.2~deb10u1build0.18.04.1)
|
focal |
Released
(1.06-6.2~deb10u1build0.20.04.1)
|
|
groovy |
Does not exist
|
|
upstream |
Released
(1.06-6.2, 1.6-6.2~deb10u1, 1.6-6.2~deb9u1, 1.6-6.2~deb8u1,,,)
|
|
xenial |
Released
(1.06-6.2~deb10u1build0.16.04.1)
|
|
trusty |
Released
(1.06-6.2~deb10u1build0.14.04.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
qmail Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(1.03-38)
|
|
xenial |
Does not exist
|