Hi
The following can be done to verify the issue: Install both qmail and
checkpw.
# qmail-popup sid /usr/bin/checkpw id
+OK <20138.1426255113@sid>
user foo--bar
+OK
pass foobar
now checkpw on the host will enter an infinite loop consuming cpu
ressources.
Regards,
Salvatore
--
To UNSUBSCRIBE
Package: checkpw
Severity: grave
Tags: security
Hi Gerrit,
please see
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0885
(feel free to lower the severity, I don't know checkpw myself)
I'm attaching a cleaned-up diff between the 1.03 and 1.02 releases.
Cheers,
Moritz
diff -Naur
2 matches
Mail list logo