Debian Security Advisory

DSA-1361-1 postfix-policyd -- buffer overflow

Date Reported:
29 Aug 2007
Affected Packages:
postfix-policyd
Security database references:
In Mitre's CVE dictionary: CVE-2007-3791.
More information:

It was discovered that postfix-policyd, an anti-spam plugin for postfix, didn't correctly test the lengths of incoming SMTP commands, potentially allowing the remote execution of arbitrary code.

For the old stable distribution (sarge), this package was not present.

For the stable distribution (etch), this problem has been fixed in version 1.80-2.1etch1.

For the unstable distribution (sid), this problem has been fixed in version 1.80-2.2.

We recommend that you upgrade your postfix-policyd package.

Fixed in:

Debian GNU/Linux 4.0 alias etch

alpha architecture (DEC Alpha)
amd64 architecture (AMD x86_64 (AMD64))
arm architecture (ARM)
hppa architecture (HP PA RISC)
i386 architecture (Intel ia32)
ia64 architecture (Intel ia64)
mips architecture (MIPS (Big Endian))
mipsel architecture (MIPS (Little Endian))
s390 architecture (IBM S/390)
sparc architecture (Sun SPARC/UltraSPARC)

MD5 checksums of the listed files are available in the original advisory.