Vulnerabilities > CVE-2007-3791 - Remote Buffer Overflow vulnerability in policyd W_Read Function
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 11 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1361.NASL |
description | It was discovered that postfix-policyd, an anti-spam plugin for postfix, didn |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25961 |
published | 2007-09-03 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/25961 |
title | Debian DSA-1361-1 : postfix-policyd - buffer overflow |
code |
|
References
- http://osvdb.org/38091
- http://secunia.com/advisories/26021
- http://secunia.com/advisories/26649
- http://sourceforge.net/project/shownotes.php?release_id=522366
- http://svn.linuxrulz.org/WebSVN/diff.php?repname=Policyd&path=%2Ftrunk%2Fsockets.c&rev=4&sc=0
- http://svn.linuxrulz.org/WebSVN/log.php?repname=Policyd&path=%2Fbranches%2Fv1.8x%2Fsockets.c&rev=0&sc=0&isdir=0
- http://www.debian.org/security/2007/dsa-1361
- http://www.securityfocus.com/bid/24899
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35394