Courier Mail Server < 0.50.1 DNS SPF Record Lookup Failure Memory Corruption DoS
Low Nessus Plugin ID 18620
Synopsis
The remote mail server is vulnerable to a denial of service attack.

Description
The remote host is running Courier Mail Server, an open source mail server for Linux and Unix.
According to its banner, the installed version of Courier is prone to a remote denial of service vulnerability triggered when doing Sender Policy Framework (SPF) data lookups. To exploit this flaw, an attacker would need to control a DNS server and return malicious SPF records in response to queries from the affected application.

Solution
Upgrade to Courier version 0.50.1 or later.