Published: 11/05/2005 Updated: 08/02/2024

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a large SMTP request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qmail project qmail -
canonical ubuntu linux 20.04
debian debian linux 8.0
debian debian linux 9.0
debian debian linux 10.0

Georgi Guninski and the Qualys Research Labs discovered multiple vulnerabilities in qmail (shipped in Debian as netqmail with additional patches) which could result in the execution of arbitrary code, bypass of mail address verification and a local information leak whether a file exists or not For the oldstable distribution (stretch), these proble ...

In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation Qualys recently re-discovered these vulnerabilities and were able to exploit one of them remotely in a default installation ...

RenderDoc versions 126 and below suffer from integer underflow, integer overflow, and symlink vulnerabilities ...

Full Disclosure mailing list archives   By Date By Thread </form>    Remote Code Execution in qmail (CVE-2005-1513)   From: Qualys Sec ...

Full Disclosure mailing list archives   By Date By Thread </form>    Re: Remote Code Execution in qmail (CVE-2005-1513)   From: Qualys ...

oss-sec mailing list archives   By Date By Thread </form>    Remote Code Execution in qmail (CVE-2005-1513)   From: Qualys Security Ad ...

qmail is a secure, reliable, efficient, simple message transfer agent.

qmail qmail is a secure, reliable, efficient, simple message transfer agent It is designed for typical Internet-connected UNIX hosts It was developed by D J Bernstein My patched qmail More info at notessagredoeu/en/qmail-notes-185/patching-qmail-82html This distribution of qmail puts together netqmail-106 with the following patches (more info in the README file

CWE-190 http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0101.html http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html http://securitytracker.com/id?1013911 http://www.openwall.com/lists/oss-security/2020/05/19/8 http://www.openwall.com/lists/oss-security/2020/05/20/2 http://www.openwall.com/lists/oss-security/2020/05/20/5 http://seclists.org/fulldisclosure/2020/May/42 http://packetstormsecurity.com/files/157805/Qualys-Security-Advisory-Qmail-Remote-Code-Execution.html https://www.debian.org/security/2020/dsa-4692 https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html http://www.openwall.com/lists/oss-security/2020/06/16/2 http://seclists.org/fulldisclosure/2020/Jun/27 http://packetstormsecurity.com/files/158203/Qmail-Local-Privilege-Escalation-Remote-Code-Execution.html https://security.gentoo.org/glsa/202007-01 https://usn.ubuntu.com/4556-1/http://www.openwall.com/lists/oss-security/2023/06/06/3 http://seclists.org/fulldisclosure/2023/Jun/2 http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html https://nvd.nist.gov https://www.debian.org/security/2020/dsa-4692 https://github.com/sagredo-dev/qmail

CVE-2005-1513

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect