CVE-2005-1515 - Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bi

CVE-2005-1515

Summary

Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands.

References

Vulnerable Configurations

cpe:2.3:a:dan_bernstein:qmail:*:*:*:*:*:*:*:*
cpe:2.3:a:dan_bernstein:qmail:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 05-10-2020 - 21:15)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

debian	DSA-4692
fulldisc	20050506 64 bit qmail fun 20200522 Remote Code Execution in qmail (CVE-2005-1513)
gentoo	GLSA-202007-01
misc	http://packetstormsecurity.com/files/157805/Qualys-Security-Advisory-Qmail-Remote-Code-Execution.html http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html
mlist	[debian-lts-announce] 20200604 [SECURITY] [DLA 2234-1] netqmail security update [oss-security] 20200519 Remote Code Execution in qmail (CVE-2005-1513) [oss-security] 20200520 Re: Remote Code Execution in qmail (CVE-2005-1513)
sectrack	1013911
ubuntu	USN-4556-1

Last major update

05-10-2020 - 21:15

Published

11-05-2005 - 04:00

Last modified

05-10-2020 - 21:15