Launchpad CVE tracker

CVE 2007-3791

Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2007-3791 (Candidate) is related to these bugs:

Bug #132088: [Sync request] Sync postfix-policyd (1.80-2.2) from Debian unstable (main)

Summary				In	Importance	Status
	132088	[Sync request] Sync postfix-policyd (1.80-2.2) from Debian unstable (main)		postfix-policyd (Ubuntu)	Wishlist	Fix Released

Bug #136687: buffer overflow in w_read function (possible DoS and execution of arbitary code)

		In	Importance	Status
136687	buffer overflow in w_read function (possible DoS and execution of arbitary code)	postfix-policyd (Ubuntu)	Undecided	Fix Released
136687	buffer overflow in w_read function (possible DoS and execution of arbitary code)	postfix-policyd (Ubuntu Feisty)	High	Fix Released
136687	buffer overflow in w_read function (possible DoS and execution of arbitary code)	postfix-policyd (Ubuntu Gutsy)	Undecided	Fix Released
136687	buffer overflow in w_read function (possible DoS and execution of arbitary code)	postfix-policyd (Ubuntu Dapper)	Undecided	Invalid
136687	buffer overflow in w_read function (possible DoS and execution of arbitary code)	postfix-policyd (Ubuntu Edgy)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-3791

References