CVE-2005-2151 - Unspecified vulnerability in Double Precision Incorporated Courier Mail Server
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Summary
spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
Vulnerable Configurations
Nessus
NASL family: SMTP problems
NASL id: COURIER_0501.NASL
description: The remote host is running Courier Mail Server, an open source mail server for Linux and Unix. According to its banner, the installed version of Courier is prone to a remote denial of service vulnerability triggered when doing Sender Policy Framework (SPF) data lookups. To exploit this flaw, an attacker would need to control a DNS server and return malicious SPF records in response to queries from the affected application.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18620
published: 2005-07-06
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/18620
title: Courier Mail Server < 0.50.1 DNS SPF Record Lookup Failure Memory Corruption DoS
code:

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(18620);
      script_version("1.14");

      script_cve_id("CVE-2005-2151");
      script_bugtraq_id(14135);

      script_name(english:"Courier Mail Server < 0.50.1 DNS SPF Record Lookup Failure Memory Corruption DoS");
      script_set_attribute(attribute:"synopsis", value: "The remote mail server is vulnerable to a denial of service attack." );
      script_set_attribute(attribute:"description", value: "The remote host is running Courier Mail Server, an open source mail server for Linux and Unix. According to its banner, the installed version of Courier is prone to a remote denial of service vulnerability triggered when doing Sender Policy Framework (SPF) data lookups. To exploit this flaw, an attacker would need to control a DNS server and return malicious SPF records in response to queries from the affected application." );
      script_set_attribute(attribute:"solution", value: "Upgrade to Courier version 0.50.1 or later." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"plugin_publication_date", value: "2005/07/06");
      script_set_attribute(attribute:"vuln_publication_date", value: "2005/07/02");
      script_cvs_date("Date: 2018/07/06 11:26:08");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value: "cpe:/a:double_precision_incorporated:courier_mail_server");
      script_end_attributes();

      script_summary(english:"Checks version of Courier Mail Server");
      script_category(ACT_GATHER_INFO);
      script_family(english:"SMTP problems");
      script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
      script_dependencies("smtpserver_detect.nasl");
      script_require_ports("Services/smtp", 25);

      exit(0);
    }

    include("global_settings.inc");
    include("misc_func.inc");
    include("smtp_func.inc");

    port = get_service(svc:"smtp", default: 25, exit_on_fail: 1);
    if (get_kb_item('SMTP/'+port+'/broken')) exit(0);

    # Check the version number in the banner -- versions < 0.50.1 are vulnerable.
    banner = get_smtp_banner(port:port);
    if (banner && banner =~ "Courier 0\.([0-4][0-9]\.|50\.0[^0-9]*)")
      security_note(port);

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-174-1.NASL
description: A Denial of Service vulnerability has been discovered in the Courier mail server. Due to a flawed status code check, failed DNS (domain name service) queries for SPF (sender policy framework) were not handled properly and could lead to memory corruption. A malicious DNS server could exploit this to crash the Courier server. However, SPF is not enabled by default, so you are only vulnerable if you explicitly enabled it. The Ubuntu 4.10 version of courier is not affected by this. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20584
published: 2006-01-15
reporter: Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20584
title: Ubuntu 5.04 : courier vulnerability (USN-174-1)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-174-1. The text
    # itself is copyright (C) Canonical, Inc. See
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
    # trademark of Canonical, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(20584);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:33:00");

      script_cve_id("CVE-2005-2151");
      script_xref(name:"USN", value:"174-1");

      script_name(english:"Ubuntu 5.04 : courier vulnerability (USN-174-1)");
      script_summary(english:"Checks dpkg output for updated packages.");

      script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." );
      script_set_attribute( attribute:"description", value: "A Denial of Service vulnerability has been discovered in the Courier mail server. Due to a flawed status code check, failed DNS (domain name service) queries for SPF (sender policy framework) were not handled properly and could lead to memory corruption. A malicious DNS server could exploit this to crash the Courier server. However, SPF is not enabled by default, so you are only vulnerable if you explicitly enabled it. The Ubuntu 4.10 version of courier is not affected by this. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-authdaemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-authmysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-authpostgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-faxmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-imap-ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-maildrop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-mlm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-mta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-mta-ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-pcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-pop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-pop-ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:courier-webadmin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:sqwebmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");

      script_set_attribute(attribute:"patch_publication_date", value:"2005/08/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");

    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

    flag = 0;

    if (ubuntu_check(osver:"5.04", pkgname:"courier-authdaemon", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-authmysql", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-authpostgresql", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-base", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-doc", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-faxmail", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-imap", pkgver:"3.0.8-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-imap-ssl", pkgver:"3.0.8-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-ldap", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-maildrop", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-mlm", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-mta", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-mta-ssl", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-pcp", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-pop", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-pop-ssl", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-ssl", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"courier-webadmin", pkgver:"0.47-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"sqwebmail", pkgver:"0.47-3ubuntu1.1")) flag++;

    if (flag)
    {
      security_report_v4(
        port     : 0,
        severity : SECURITY_WARNING,
        extra    : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "courier-authdaemon / courier-authmysql / courier-authpostgresql / etc");
    }

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-784.NASL
description: A problem has been discovered in the Courier Mail Server. DNS failures were not handled properly when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. The default configuration on Debian has SPF checking disabled, so most machines are not vulnerable. This is explained in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19527
published: 2005-08-30
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19527
title: Debian DSA-784-1 : courier - programming error
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DSA-784. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(19527);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:18");

      script_cve_id("CVE-2005-2151");
      script_xref(name:"DSA", value:"784");

      script_name(english:"Debian DSA-784-1 : courier - programming error");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." );
      script_set_attribute( attribute:"description", value: "A problem has been discovered in the Courier Mail Server. DNS failures were not handled properly when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. The default configuration on Debian has SPF checking disabled, so most machines are not vulnerable. This is explained in the 'courier' manpage, section SENDER POLICY FRAMEWORK KEYWORDS." );
      script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320290" );
      script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2005/dsa-784" );
      script_set_attribute( attribute:"solution", value: "Upgrade the courier-mta package. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 0.47-4sarge1." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:courier");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

      script_set_attribute(attribute:"patch_publication_date", value:"2005/08/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/30");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/07/02");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"3.1", prefix:"courier-authdaemon", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-authmysql", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-authpostgresql", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-base", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-doc", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-faxmail", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-imap", reference:"3.0.8-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-imap-ssl", reference:"3.0.8-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-ldap", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-maildrop", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-mlm", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-mta", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-mta-ssl", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-pcp", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-pop", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-pop-ssl", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-ssl", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"courier-webadmin", reference:"0.47-4sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"sqwebmail", reference:"0.47-4sarge1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");