Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2659

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2006-2659
Last Modified 20 Sep 2011 10:05:08
Published 30 May 2006 03:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2659

Summary

libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.

Vulnerable Systems

Application

  • Double Precision Incorporated Courier Mta 0.37.3

  • Double Precision Incorporated Courier Mta 0.38.1

  • Double Precision Incorporated Courier Mta 0.40

  • Double Precision Incorporated Courier Mta 0.43

  • Double Precision Incorporated Courier Mta 0.43.1

  • Double Precision Incorporated Courier Mta 0.43.2

  • Double Precision Incorporated Courier Mta 0.44

  • Double Precision Incorporated Courier Mta 0.44.2


References

CONFIRM - http://www.courier-mta.org/beta/patches/verp-fix/README.txt

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834

VUPEN - ADV-2006-2214

XF - courier-usernames-dos(26998)

UBUNTU - USN-294-1

BID - 18345

DEBIAN - DSA-1101

SECTRACK - 1016248

GENTOO - GLSA-200608-06

SECUNIA - 21350

SECUNIA - 20792

SECUNIA - 20548

SECUNIA - 20519


Last Updated: 27 May 2016 10:42:42