| VID | 18091 |
| Severity | 30 |
| Port | 25 |
| Protocol | TCP |
| Class | SMTP |
| Detailed Description | A version of Courier Mail Server older than 0.50.1 was detected running on the host. Courier is an open source mail transport agent (MTA) for most Linux and Unix-based operating systems. Courier Mail Server versions prior to 0.50.1 contain a remote denial-of-service vulnerability in the 'spf.c' source file, which is reached when processing Sender Policy Framework (SPF) data. A remote attacker may potentially trigger a malicious SPF record lookup that results in a service crash, effectively denying service to legitimate users. Note: This check relies solely on the banner of the remote SMTP server to assess this vulnerability, so the finding might be a false positive. Platforms Affected: Double Precision, Inc., Courier Mail Server versions prior to 0.50.1; Linux, any version; Unix, any version. |
| Recommendation | Upgrade to the latest version of Courier Mail Server (0.50.1 or later), available from the SourceForge.net Web page at http://sourceforge.net/projects/courier/ |
| Related URL | (CVE) |
| Related URL | 14135 (SecurityFocus) |
| Related URL | (ISS) |