ID CVE-2005-1515
Summary Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands.
References
Vulnerable Configurations
  • cpe:2.3:a:dan_bernstein:qmail:*:*:*:*:*:*:*:*
    cpe:2.3:a:dan_bernstein:qmail:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 05-10-2020 - 21:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
debian DSA-4692
fulldisc
  • 20050506 64 bit qmail fun
  • 20200522 Remote Code Execution in qmail (CVE-2005-1513)
gentoo GLSA-202007-01
misc
mlist
  • [debian-lts-announce] 20200604 [SECURITY] [DLA 2234-1] netqmail security update
  • [oss-security] 20200519 Remote Code Execution in qmail (CVE-2005-1513)
  • [oss-security] 20200520 Re: Remote Code Execution in qmail (CVE-2005-1513)
sectrack 1013911
ubuntu USN-4556-1
Last major update 05-10-2020 - 21:15
Published 11-05-2005 - 04:00
Last modified 05-10-2020 - 21:15
Back to Top