Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
BID:18345
CVE-2006-2659 |Info
Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
| Bugtraq ID: | 18345 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2006-2659 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 09 2006 12:00AM |
| Updated: | Nov 16 2006 10:11PM |
| Credit: | This issue was announced by the vendor. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Gentoo Linux Double Precision Incorporated Courier MTA 0.47 Double Precision Incorporated Courier MTA 0.45.1 Double Precision Incorporated Courier MTA 0.45 Double Precision Incorporated Courier MTA 0.44.2 Double Precision Incorporated Courier MTA 0.44 Double Precision Incorporated Courier MTA 0.43.2 Double Precision Incorporated Courier MTA 0.43.1 Double Precision Incorporated Courier MTA 0.43 Double Precision Incorporated Courier MTA 0.42.2 Double Precision Incorporated Courier MTA 0.40.1 Double Precision Incorporated Courier MTA 0.40 Double Precision Incorporated Courier MTA 0.38.1 Double Precision Incorporated Courier MTA 0.37.3 Double Precision Incorporated Courier Mail Server 0.53.1 Double Precision Incorporated Courier Mail Server 0.53 Double Precision Incorporated Courier Mail Server 0.50.1 Double Precision Incorporated Courier Mail Server 0.50 Double Precision Incorporated Courier Mail Server 0.47 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Courier Mail Server Courier Imap 3.0.8 |
| Not Vulnerable: |
Double Precision Incorporated Courier Mail Server 0.53.2 |
Discussion
Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
Courier Mail Server is prone to a remote denial-of-service vulnerability because it fails to properly handle certain usernames in email messages.
A remote attacker may exploit this issue to consume excessive CPU resources, potentially denying service to legitimate users.
Versions of the Courier MTA prior to 0.53.2 are vulnerable to this issue.
Courier Mail Server is prone to a remote denial-of-service vulnerability because it fails to properly handle certain usernames in email messages.
A remote attacker may exploit this issue to consume excessive CPU resources, potentially denying service to legitimate users.
Versions of the Courier MTA prior to 0.53.2 are vulnerable to this issue.
Exploit / POC
Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
Attackers use standard email clients to exploit this issue.
Attackers use standard email clients to exploit this issue.
Solution / Fix
Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
Solution:
The vendor has released an update to address this issue.
Please see the referenced vendor advisories for more information on obtaining and applying fixes.
Double Precision Incorporated Courier MTA 0.37.3
Double Precision Incorporated Courier MTA 0.38.1
Double Precision Incorporated Courier MTA 0.40
Double Precision Incorporated Courier MTA 0.40.1
Double Precision Incorporated Courier MTA 0.42.2
Double Precision Incorporated Courier MTA 0.43
Double Precision Incorporated Courier MTA 0.43.1
Double Precision Incorporated Courier MTA 0.43.2
Double Precision Incorporated Courier MTA 0.44
Double Precision Incorporated Courier MTA 0.44.2
Double Precision Incorporated Courier MTA 0.45
Double Precision Incorporated Courier MTA 0.45.1
Double Precision Incorporated Courier MTA 0.47
Double Precision Incorporated Courier Mail Server 0.47
Double Precision Incorporated Courier Mail Server 0.50
Double Precision Incorporated Courier Mail Server 0.50.1
Double Precision Incorporated Courier Mail Server 0.53
Double Precision Incorporated Courier Mail Server 0.53.1
Courier Mail Server Courier Imap 3.0.8
Solution:
The vendor has released an update to address this issue.
Please see the referenced vendor advisories for more information on obtaining and applying fixes.
Double Precision Incorporated Courier MTA 0.37.3
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier MTA 0.38.1
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier MTA 0.40
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier MTA 0.40.1
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier MTA 0.42.2
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier MTA 0.43
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier MTA 0.43.1
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier MTA 0.43.2
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier MTA 0.44
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier MTA 0.44.2
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier MTA 0.45
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier MTA 0.45.1
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier MTA 0.47
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier Mail Server 0.47
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier Mail Server 0.50
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier Mail Server 0.50.1
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier Mail Server 0.53
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Double Precision Incorporated Courier Mail Server 0.53.1
-
Double Precision Incorporated courier-0.53.2.tar.bz2
http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2
Courier Mail Server Courier Imap 3.0.8
-
Debian courier-imap-ssl_3.0.8-4sarge5_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_alpha.deb -
Debian courier-imap-ssl_3.0.8-4sarge5_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_amd64.deb -
Debian courier-imap-ssl_3.0.8-4sarge5_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_arm.deb -
Debian courier-imap-ssl_3.0.8-4sarge5_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_hppa.deb -
Debian courier-imap-ssl_3.0.8-4sarge5_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_i386.deb -
Debian courier-imap-ssl_3.0.8-4sarge5_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_ia64.deb -
Debian courier-imap-ssl_3.0.8-4sarge5_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_m68k.deb -
Debian courier-imap-ssl_3.0.8-4sarge5_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_mips.deb -
Debian courier-imap-ssl_3.0.8-4sarge5_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_mipsel.deb -
Debian courier-imap-ssl_3.0.8-4sarge5_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_powerpc.deb -
Debian courier-imap-ssl_3.0.8-4sarge5_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_s390.deb -
Debian courier-imap-ssl_3.0.8-4sarge5_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_sparc.deb -
Debian courier-imap_3.0.8-4sarge5_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_alpha.deb -
Debian courier-imap_3.0.8-4sarge5_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_amd64.deb -
Debian courier-imap_3.0.8-4sarge5_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_arm.deb -
Debian courier-imap_3.0.8-4sarge5_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_hppa.deb -
Debian courier-imap_3.0.8-4sarge5_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_i386.deb -
Debian courier-imap_3.0.8-4sarge5_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_ia64.deb -
Debian courier-imap_3.0.8-4sarge5_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_m68k.deb -
Debian courier-imap_3.0.8-4sarge5_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_mips.deb -
Debian courier-imap_3.0.8-4sarge5_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_mipsel.deb -
Debian courier-imap_3.0.8-4sarge5_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_powerpc.deb -
Debian courier-imap_3.0.8-4sarge5_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_s390.deb -
Debian courier-imap_3.0.8-4sarge5_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_sparc.deb
References
Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
References:
References:
- Courier Mail Server Homepage (Double Precision Incorporated)
- README.txt (Double Precision Incorporated)