CVE-2005-1515
Published: 24 May 2020
Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands.
From the Ubuntu security team
It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
netqmail Launchpad, Ubuntu, Debian |
Upstream |
Released
(1.06-6.2, 1.6-6.2~deb10u1, 1.6-6.2~deb9u1, 1.6-6.2~deb8u1,,,)
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(1.06-6.2~deb10u1build0.20.04.1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needed
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Needed
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needed)
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
qmail Launchpad, Ubuntu, Debian |
Upstream |
Released
(1.03-38)
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|