GLSA-200608-06 : Courier MTA: Denial of Service vulnerability
High Nessus Plugin ID 22148
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200608-06 (Courier MTA: Denial of Service vulnerability)
Courier MTA has fixed a security issue relating to usernames containing the '=' character, causing high CPU utilization.
An attacker could exploit this vulnerability by sending a specially crafted email to a mail gateway running a vulnerable version of Courier MTA.
There is no known workaround at this time.
SolutionAll Courier MTA users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=mail-mta/courier-0.53.2'