Courier MTA: Denial of Service vulnerability — GLSA 200608-06

Courier MTA has fixed a DoS issue related to usernames containing a "=" character.

Affected Packages

mail-mta/courier on all architectures
Affected versions < 0.53.2
Unaffected versions >= 0.53.2

Background

Courier MTA is an integrated mail and groupware server based on open protocols.

Description

Courier MTA has fixed a security issue relating to usernames containing the "=" character, causing high CPU utilization.

Impact

An attacker could exploit this vulnerability by sending a specially crafted email to a mail gateway running a vulnerable version of Courier MTA.

Workaround

There is no known workaround at this time.

Resolution

All Courier MTA users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-mta/courier-0.53.2"

References

Release Date
August 04, 2006

Latest Revision
August 04, 2006: 01

Severity
normal

Exploitable
remote

Bugzilla entries