A vulnerability has been found in Dan Bernstein qmail (Mail Server Software) (the affected version is unknown) and classified as critical. Affected by this vulnerability is an unknown code of the file commands.c. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect availability. The summary by CVE is:

commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index.

The weakness was released 05/11/2005 (Website). The advisory is shared at guninski.com. This vulnerability is known as CVE-2005-1514 since 05/11/2005. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details are known, but no exploit is available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Entries connected to this vulnerability are available at 1538 and 25140.

Productinfo

Type

• Mail Server Software

Vendor

• Dan Bernstein

Name

• qmail

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion