USN-4556-1: netqmail vulnerabilities

29 September 2020

netqmail could be made to crash or run programs as any user (except root) if it received specially crafted network traffic.

Releases

Packages

  • netqmail - a secure, reliable, efficient, simple message transfer agent

Details

It was discovered that netqmail did not properly handle certain input. Both
remote and local attackers could use this vulnerability to cause netqmail
to crash or execute arbitrary code. (CVE-2005-1513, CVE-2005-1514,
CVE-2005-1515)

It was discovered that netqmail did not properly handle certain input when
validating email addresses. An attacker could use this to bypass email
address validation. (CVE-2020-3811)

It was discovered that netqmail did not properly handle certain input when
validating email addresses. An attacker could use this vulnerability to
cause netqmail to disclose sensitive information. (CVE-2020-3812)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04

In general, a standard system update will make all the necessary changes.