
Ubuntu 20.04 LTS: USN-4556-1 Critical: Netqmail Input Issues

September 29, 2020
Security issues in netqmail may cause crashes and allow arbitrary code execution on Ubuntu 20.04 LTS. Immediate updates are advised!

Summary

netqmail could be made to crash or run programs as any user (except root) if it received specially crafted network traffic.

Software Description:

- netqmail: a secure, reliable, efficient, simple message transfer agent

Details:

It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. (CVE-2005-1513, CVE-2005-1514, CVE-2005-1515)

It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. (CVE-2020-3811)

It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this vulnerability to cause netqmail to disclose sensitive information. (CVE-2020-3812)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  qmail                           1.06-6.2~deb10u1build0.20.04.1
  qmail-uids-gids                 1.06-6.2~deb10u1build0.20.04.1

In general, a standard system update will make all the necessary changes.

References

CVE-2005-1513, CVE-2005-1514, CVE-2005-1515, CVE-2020-3811, CVE-2020-3812

Severity
critical
