• info
• discussion
• exploit
• solution
• references

Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability

Solution:
The vendor has released an update to address this issue.

Please see the referenced vendor advisories for more information on obtaining and applying fixes.


Double Precision Incorporated Courier MTA 0.37.3

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier MTA 0.38.1

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier MTA 0.40

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier MTA 0.40.1

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier MTA 0.42.2

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier MTA 0.43

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier MTA 0.43.1

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier MTA 0.43.2

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier MTA 0.44

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier MTA 0.44.2

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier MTA 0.45

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier MTA 0.45.1

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier MTA 0.47

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier Mail Server 0.47

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier Mail Server 0.50

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier Mail Server 0.50.1

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier Mail Server 0.53

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Double Precision Incorporated Courier Mail Server 0.53.1

• Double Precision Incorporated courier-0.53.2.tar.bz2
  http://prdownloads.sourceforge.net/courier/courier-0.53.2.tar.bz2

Courier Mail Server Courier Imap 3.0.8

• Debian courier-imap-ssl_3.0.8-4sarge5_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_alpha.deb


• Debian courier-imap-ssl_3.0.8-4sarge5_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_amd64.deb


• Debian courier-imap-ssl_3.0.8-4sarge5_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_arm.deb


• Debian courier-imap-ssl_3.0.8-4sarge5_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_hppa.deb


• Debian courier-imap-ssl_3.0.8-4sarge5_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_i386.deb


• Debian courier-imap-ssl_3.0.8-4sarge5_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_ia64.deb


• Debian courier-imap-ssl_3.0.8-4sarge5_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_m68k.deb


• Debian courier-imap-ssl_3.0.8-4sarge5_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_mips.deb


• Debian courier-imap-ssl_3.0.8-4sarge5_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_mipsel.deb


• Debian courier-imap-ssl_3.0.8-4sarge5_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_powerpc.deb


• Debian courier-imap-ssl_3.0.8-4sarge5_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_s390.deb


• Debian courier-imap-ssl_3.0.8-4sarge5_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap-ss l_3.0.8-4sarge5_sparc.deb


• Debian courier-imap_3.0.8-4sarge5_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_alpha.deb


• Debian courier-imap_3.0.8-4sarge5_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_amd64.deb


• Debian courier-imap_3.0.8-4sarge5_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_arm.deb


• Debian courier-imap_3.0.8-4sarge5_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_hppa.deb


• Debian courier-imap_3.0.8-4sarge5_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_i386.deb


• Debian courier-imap_3.0.8-4sarge5_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_ia64.deb


• Debian courier-imap_3.0.8-4sarge5_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_m68k.deb


• Debian courier-imap_3.0.8-4sarge5_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_mips.deb


• Debian courier-imap_3.0.8-4sarge5_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_mipsel.deb


• Debian courier-imap_3.0.8-4sarge5_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_powerpc.deb


• Debian courier-imap_3.0.8-4sarge5_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_s390.deb


• Debian courier-imap_3.0.8-4sarge5_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/c/courier/courier-imap_3. 0.8-4sarge5_sparc.deb