Security Information / 2007 / Security Information -- DSA-1361-1 postfix-policyd

Debian Security Advisory

DSA-1361-1 postfix-policyd -- buffer overflow

Date Reported:

29 Aug 2007

Affected Packages:

postfix-policyd

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2007-3791.

More information:

It was discovered that postfix-policyd, an anti-spam plugin for postfix, didn't correctly test lengths of incoming SMTP commands potentially allowing the remote execution of arbitrary code.

For the old stable distribution (sarge), this package was not present.

For the stable distribution (etch), this problem has been fixed in version 1.80-2.1etch1.

For the unstable distribution (sid), this problem has been fixed in version 1.80-2.2.

We recommend that you upgrade your postfix-policyd package.

Fixed in:

Debian GNU/Linux 4.0 alias etch

Source:

http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1.diff.gz

http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1.dsc

http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80.orig.tar.gz

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_alpha.deb

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_amd64.deb

arm architecture (ARM)

http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_arm.deb

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_hppa.deb

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_i386.deb

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_ia64.deb

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_mips.deb

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_mipsel.deb

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_s390.deb

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.