Ubuntu Security Notice 4621-1 - It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. Various other issues were also addressed.
505a42b4d8cc358df017a8d138c2f348f0946ebc27b59443993f76b899094ba8
Ubuntu Security Notice 4556-1 - It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. Various other issues were also addressed.
6263ee9cfe8c1c94cb907772cb2c16323c8cab8a75d3c7cb14bcd598f359e2ec
Gentoo Linux Security Advisory 202007-1 - Multiple vulnerabilities have been found in netqmail, the worst of which could result in the arbitrary execution of code. Versions less than 1.06-r13 are affected.
2bc5aa2768224760ae2e5be04e2ea7eb43b0766caf59e79d678a3e2b2c3c64fb
Debian Linux Security Advisory 4692-1 - Georgi Guninski and the Qualys Research Labs discovered multiple vulnerabilities in qmail (shipped in Debian as netqmail with additional patches) which could result in the execution of arbitrary code, bypass of mail address verification and a local information leak whether a file exists or not.
71843b017c5f98386f0eee906018b39853e36b3e3a3c0d30450769937bd7c1cd
In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. Qualys recently re-discovered these vulnerabilities and were able to exploit one of them remotely in a default installation.
b40bd18472de68aa880c0372a9f3305689c40f370d5468a34516ef9530fd6906