7.8 - DSA-1101

Summary
Title	New courier packages fix denial of service

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

A bug has been discovered in the Courier Mail Server that can result in a number of processes to consume arbitrary amounts of CPU power.

For the old stable distribution (woody) this problem has been fixed in version 0.37.3-2.9.

For the stable distribution (sarge) this problem has been fixed in version 0.47-4sarge5.

For the unstable distribution (sid) this problem has been fixed in version 0.53.2-1.

We recommend that you upgrade your courier packages.

Type	Description	Count
Application	Double Precision Incorporated Courier Mta cpe:2.3:a:double_precision_incorporated:courier_mta:0.44.2:::::::* cpe:2.3:a:double_precision_incorporated:courier_mta:0.44:::::::* cpe:2.3:a:double_precision_incorporated:courier_mta:0.43.2:::::::* cpe:2.3:a:double_precision_incorporated:courier_mta:0.43.1:::::::* cpe:2.3:a:double_precision_incorporated:courier_mta:0.43:::::::* cpe:2.3:a:double_precision_incorporated:courier_mta:0.40:::::::* cpe:2.3:a:double_precision_incorporated:courier_mta:0.38.1:::::::* cpe:2.3:a:double_precision_incorporated:courier_mta:0.37.3:::::::*	8

Date	Description
2008-09-24	Name : Gentoo Security Advisory GLSA 200608-06 (Courier) File : nvt/glsa_200608_06.nasl
2008-01-17	Name : Debian Security Advisory DSA 1101-1 (courier) File : nvt/deb_1101_1.nasl

Id	Description
26232	Courier Mail Server Crafted Username Encoding DoS

Date	Description
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-294-1.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1101.nasl - Type : ACT_GATHER_INFO
2006-08-04	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200608-06.nasl - Type : ACT_GATHER_INFO

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:25:56	Multiple Updates

	Related
7.8	CVE-2006-2659
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)