Ubuntu Security Notice 4556-1 - It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. Various other issues were also addressed.
6263ee9cfe8c1c94cb907772cb2c16323c8cab8a75d3c7cb14bcd598f359e2ec
==========================================================================
Ubuntu Security Notice USN-4556-1
September 29, 2020
netqmail vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
netqmail could be made to crash or run programs as any user (except root) if it
received specially crafted network traffic.
Software Description:
- netqmail: a secure, reliable, efficient, simple message transfer agent
Details:
It was discovered that netqmail did not properly handle certain input. Both
remote and local attackers could use this vulnerability to cause netqmail
to crash or execute arbitrary code. (CVE-2005-1513, CVE-2005-1514,
CVE-2005-1515)
It was discovered that netqmail did not properly handle certain input when
validating email addresses. An attacker could use this to bypass email
address validation. (CVE-2020-3811)
It was discovered that netqmail did not properly handle certain input when
validating email addresses. An attacker could use this vulnerability to
cause netqmail to disclose sensitive information. (CVE-2020-3812)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
qmail 1.06-6.2~deb10u1build0.20.04.1
qmail-uids-gids 1.06-6.2~deb10u1build0.20.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4556-1
CVE-2005-1513, CVE-2005-1514, CVE-2005-1515, CVE-2020-3811,
CVE-2020-3812
Package Information:
https://launchpad.net/ubuntu/+source/netqmail/1.06-6.2~deb10u1build0.20.04.1
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce