Test ID:	1.3.6.1.4.1.25623.1.0.892234
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-2234-1)
Summary:	The remote host is missing an update for the Debian 'netqmail' package(s) announced via the DLA-2234-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'netqmail' package(s) announced via the DLA-2234-1 advisory. Vulnerability Insight: There were several CVE bugs reported against src:netqmail. CVE-2005-1513 Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request. CVE-2005-1514 commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index. CVE-2005-1515 Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands. CVE-2020-3811 qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. CVE-2020-3812 qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first. For Debian 8 Jessie, these problems have been fixed in version 1.06-6.2~ deb8u1. We recommend that you upgrade your netqmail packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'netqmail' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1513 Debian Security Information: DSA-4692 (Google Search) https://www.debian.org/security/2020/dsa-4692 http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0101.html http://seclists.org/fulldisclosure/2020/May/42 http://seclists.org/fulldisclosure/2020/Jun/27 http://seclists.org/fulldisclosure/2023/Jun/2 https://security.gentoo.org/glsa/202007-01 http://packetstormsecurity.com/files/157805/Qualys-Security-Advisory-Qmail-Remote-Code-Execution.html http://packetstormsecurity.com/files/158203/Qmail-Local-Privilege-Escalation-Remote-Code-Execution.html http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html http://www.openwall.com/lists/oss-security/2020/05/19/8 http://www.openwall.com/lists/oss-security/2020/05/20/2 http://www.openwall.com/lists/oss-security/2020/05/20/5 http://www.openwall.com/lists/oss-security/2020/06/16/2 http://www.openwall.com/lists/oss-security/2023/06/06/3 http://securitytracker.com/id?1013911 https://usn.ubuntu.com/4556-1/ Common Vulnerability Exposure (CVE) ID: CVE-2005-1514 Common Vulnerability Exposure (CVE) ID: CVE-2005-1515 Common Vulnerability Exposure (CVE) ID: CVE-2020-3811 https://bugs.debian.org/961060 https://www.openwall.com/lists/oss-security/2020/05/19/8 Common Vulnerability Exposure (CVE) ID: CVE-2020-3812
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.