CVE-2004-2429

Name of the Vulnerable Software and Affected Versions: EnderUNIX spamGuard versions prior to 1.7-BETA

Description: The issue is related to multiple stack-based and heap-based buffer overflows that allow remote attackers to execute arbitrary code. The overflows occur in various functions, including (1) qmail parseline and (2) sendmail parseline in parser.c, (3) loadconfig and (4) removespaces in loadconfig.c. There are also possibly unspecified functions in functions.c that are affected.

Recommendations: For versions prior to 1.7-BETA, update to version 1.7-BETA or later to resolve the issue. As a temporary workaround, consider restricting access to the affected functions until a patch is available.