PT-2005-1103 · Dan Bernstein+2 · Qmail+2
Georgi Guninski · Published 2005-05-11 · Updated 2024-02-08 · CVE-2005-1513
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
qmail (affected versions not specified)
Description
The issue is caused by an integer overflow in the stralloc_readyplus function in qmail. It allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request, particularly on 64-bit platforms with a large amount of virtual memory. The vulnerability has been known since 2005; researchers from Qualys demonstrated that it is exploitable by preparing an exploit that achieves remote code execution on the server by sending a specially crafted message.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
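The class of defect named in the description, shown as an added example that is not qmail's code: a growable buffer whose "make room for n more bytes" routine adds two lengths without an overflow check, next to a checked form. The type `buf_t`, the function names and the 32-bit length fields are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified growable byte buffer. Names and the 32-bit fields are
   assumptions made for this example; this is not qmail's source. */
typedef struct {
    char    *s;    /* storage */
    uint32_t len;  /* bytes in use */
    uint32_t a;    /* bytes allocated */
} buf_t;

/* Resize storage to `need` bytes; returns 1 on success, 0 on failure. */
static int grow(buf_t *b, uint32_t need) {
    char *p = realloc(b->s, need);
    if (!p) return 0;
    b->s = p;
    b->a = need;
    return 1;
}

/* Unchecked: len + n is computed modulo 2^32. When len is close to
   UINT32_MAX the sum wraps to a small number, the capacity test passes,
   and the caller goes on to write n bytes past the allocation. */
int readyplus_unchecked(buf_t *b, uint32_t n) {
    uint32_t need = b->len + n;
    if (need <= b->a) return 1;
    return grow(b, need);
}

/* Checked: refuse the request before the addition can wrap. */
int readyplus_checked(buf_t *b, uint32_t n) {
    if (n > UINT32_MAX - b->len) return 0;   /* len + n would overflow */
    uint32_t need = b->len + n;
    if (need <= b->a) return 1;
    return grow(b, need);
}

int main(void) {
    /* Constructed state: a buffer already holding almost 4 GiB. No memory
       is touched here; only the size arithmetic is exercised. */
    buf_t b = { NULL, 0xFFFFFFF0u, 0xFFFFFFF0u };
    int weak = readyplus_unchecked(&b, 0x20);  /* 1: wrongly "ready" */
    int safe = readyplus_checked(&b, 0x20);    /* 0: rejected */
    return !(weak == 1 && safe == 0);
}
```

A length this large is only reachable when the process can actually hold that much data, which matches the description's note about 64-bit platforms with a large amount of virtual memory; a per-process memory limit on the SMTP service keeps lengths well below the wrap point.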
Exploit
DoS
Integer Overflow
Affected Products
Linuxmint
Ubuntu
Qmail