[原文]commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index.
A remote overflow exists in qmail when running on 64 bit platforms with 8GB of virtual memory or more. The 'commands()' function fails to perform proper bounds checking resulting in an integer overflow. With a specially crafted request, a remote attacker can cause the process to crash resulting in a loss of availability.
-
时间线
2005-05-06
Unknow
Unknow
Unknow
-
解决方案
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.