CVE-2005-2151
published 2005-07-06
Priority: P4 · 16
CVSS 2.0: 5 (medium), AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 0.92% (55.8th percentile)
spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | courier | < courier 0.47-6 (bookworm) | courier 0.47-6 (bookworm) |
| double_precision_incorporated | courier_mail_server | — | — |
| double_precision_incorporated | courier_mail_server | — | — |
| double_precision_incorporated | courier_mail_server | — | — |
| double_precision_incorporated | courier_mail_server | — | — |
| double_precision_incorporated | courier_mail_server | — | — |
| double_precision_incorporated | courier_mail_server | — | — |
| double_precision_incorporated | courier_mail_server | — | — |
| double_precision_incorporated | courier_mail_server | >= 0 < 0.47-6 | 0.47-6 |
| double_precision_incorporated | courier_mail_server | >= 0 < 0.47-6 | 0.47-6 |
| double_precision_incorporated | courier_mail_server | >= 0 < 0.47-6 | 0.47-6 |
| double_precision_incorporated | courier_mail_server | >= 0 < 0.47-6 | 0.47-6 |
CVSS provenance
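| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |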
GHSA
GHSA-j458-3qc3-3hff: spf
ghsa_unreviewed·2022-05-01
CVE-2005-2151 [MEDIUM] GHSA-j458-3qc3-3hff: spf
spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
OSV
CVE-2005-2151: spf
osv·2005-07-06·CVSS 5.0
CVE-2005-2151 [MEDIUM] CVE-2005-2151: spf
spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
Ubuntu
courier vulnerability
vendor_ubuntu·2005-08-26
A Denial of Service vulnerability has been discovered in the Courier
mail server. Due to a flawed status code check, failed DNS (domain
name service) queries for SPF (sender policy framework) were not
handled properly and could lead to memory corruption. A malicious DNS
server could exploit this to crash the Courier server.
However, SPF is not enabled by default, so you are only vulnerable if
you explicitly enabled it.
The Ubuntu 4.10 version of courier is not affected by this.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2005-2151: courier - spf.c in Courier Mail Server does not properly handle DNS failures when looking ...
vendor_debian·2005·CVSS 5.0
CVE-2005-2151 [MEDIUM] CVE-2005-2151: courier - spf.c in Courier Mail Server does not properly handle DNS failures when looking ...
spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
Scope: local
bookworm: resolved (fixed in 0.47-6)
bullseye: resolved (fixed in 0.47-6)
forky: resolved (fixed in 0.47-6)
sid: resolved (fixed in 0.47-6)
trixie: resolved (fixed in 0.47-6)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2005-07-06