Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2007-3791

It was discovered that postfix-policyd, an anti-spam plugin for postfix, didn't correctly test lengths of incoming SMTP commands potentially allowing the remote execution of arbitrary code. For the old stable distribution (sarge), this package was not present. For the stable distribution (etch), this problem has been fixed in version 1.80-2.1etch1. For the unstable distribution (sid), this problem has been fixed in version 1.80-2.2. We recommend that you upgrade your postfix-policyd package.

Source

Debian Security Advisory

DSA-1361-1 postfix-policyd -- buffer overflow

Date Reported:

29 Aug 2007

Affected Packages:

postfix-policyd

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2007-3791.

More information:

It was discovered that postfix-policyd, an anti-spam plugin for postfix, didn't correctly test lengths of incoming SMTP commands potentially allowing the remote execution of arbitrary code.

For the old stable distribution (sarge), this package was not present.

For the stable distribution (etch), this problem has been fixed in version 1.80-2.1etch4.

For the unstable distribution (sid), this problem has been fixed in version 1.80-2.2.

We recommend that you upgrade your postfix-policyd package.

Fixed in:

Debian GNU/Linux 4.0 alias etch

Source:: http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch4.diff.gz; http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch4.dsc; http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80.orig.tar.gz
alpha architecture (DEC Alpha): http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch4_alpha.deb
amd64 architecture (AMD x86_64 (AMD64)): http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch4_amd64.deb
arm architecture (ARM): http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch4_arm.deb
hppa architecture (HP PA RISC): http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch4_hppa.deb
i386 architecture (Intel ia32): http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch4_i386.deb
ia64 architecture (Intel ia64): http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch4_ia64.deb
mips architecture (MIPS (Big Endian)): http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch4_mips.deb
mipsel architecture (MIPS (Little Endian)): http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch4_mipsel.deb
s390 architecture (IBM S/390): http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch4_s390.deb
sparc architecture (Sun SPARC/UltraSPARC): http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch4_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

DSA-1361-1 postfix-policyd -- buffer overflow

Debian Security Advisory

DSA-1361-1 postfix-policyd -- buffer overflow

Debian GNU/Linux 4.0 alias etch

Vulmon Search

About

Products

Connect