Description
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
Affected products
- double_precision_incorporated / courier_mta 0.44.2
- double_precision_incorporated / courier_mta 0.37.3 – 0.37.3
- double_precision_incorporated / courier_mta 0.38.1 – 0.38.1
- double_precision_incorporated / courier_mta 0.40 – 0.40
- double_precision_incorporated / courier_mta 0.43 – 0.43
- double_precision_incorporated / courier_mta 0.43.1 – 0.43.1
- double_precision_incorporated / courier_mta 0.43.2 – 0.43.2
- double_precision_incorporated / courier_mta 0.44 – 0.44
References
- VENDOR_ADVISORY: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/26998
- MISC: http://security.gentoo.org/glsa/glsa-200608-06.xml
- MISC: http://www.securityfocus.com/bid/18345
- VENDOR_ADVISORY: http://secunia.com/advisories/20548
- VENDOR_ADVISORY: http://secunia.com/advisories/20519
- MISC: http://www.courier-mta.org/beta/patches/verp-fix/README.txt
- VENDOR_ADVISORY: http://secunia.com/advisories/21350
- VENDOR_ADVISORY: http://www.debian.org/security/2006/dsa-1101
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2006/2214
- VENDOR_ADVISORY: https://usn.ubuntu.com/294-1/
- VENDOR_ADVISORY: http://secunia.com/advisories/20792
- MISC: http://securitytracker.com/id?1016248