AMaViS - Security Announcements |
|---|
There are currently no known vulnerabilities pending. Security issues should be reported to security at amavis dot org
| filename | last modified | affected versions | vulernability type | priority |
|---|---|---|---|---|
| asa-2007-3.txt | 06/06/07 (11:00:28) | amavis/amavisd/amavisd-new | GNU file utility integer underflow/possible DoS | urgent |
| asa-2007-2.txt | 05/17/07 (03:08:34) | amavis/amavisd/amavisd-new/amavis-ng | ZOO archive decompression infinite loop DoS | urgent |
| asa-2007-1.txt | 03/26/07 (10:20:17) | amavis/amavisd/amavisd-new | GNU file utility integer underflow | urgent |
| asa-2006-1.txt | 02/08/07 (14:12:31) | amavis/amavisd/amavisd-new/amavis-ng | Convert::UUlib 1.04 exploitable buffer overflow | urgent |
| asa-2004-6.txt | 10/26/04 (13:35:06) | amavis/amavisd/amavisd-new/amavis-ng | bypass of malicious code due to manipulated ZIP file | urgent |
| asa-2004-5.txt | 08/04/04 (11:50:11) | AMaViS 0.2.1 (if ripMIME is used) | ripMIME decoding issue | urgent |
| asa-2004-4.txt | 07/21/04 (12:21:19) | AMaViS 0.1.x / 0.2.x | security maintenance ends on 2004-08-01 | urgent |
| asa-2004-3.txt | 05/02/04 (10:23:01) | all AMaViS versions | LHa buffer overflows and directory traversal problems | urgent |
| asa-2004-2.txt | 03/06/04 (14:09:24) | AMaViS 0.1.x / 0.2.x if metamail is used | possible remote system compromise | urgent |
| asa-2004-1.txt | 01/19/04 (13:29:18) | AMaViS 0.2.x/0.3.x/amavisd below amavisd-new-20021116 amavis-ng | special-crafted compressed file(s) may cause heavy server load or even DoS | urgent |
| asa-2003-2.txt | 09/15/03 (13:04:47) | AMaViS-0.1x/0.2.x/0.3.x/amavisd amavisd-new below 20021227-p2 | virus notifications may generate enormous traffic and annoy innocent people | normal |
| asa-2003-1.txt | 03/11/03 (09:07:01) | AMaViS-0.1.x/0.2.x/0.3.x/amavisd amavis-ng is NOT affected | arbitrary code execution through buffer overflow in GNU file(1) | urgent |
| asa-2002-2.txt | 09/05/02 (00:45:36) | AMaViS-0.1.x/0.2.x amavis-perl/amavisd is NOT affected | potential DoS attack by special crafted TAR files | old still valid |
| asa-2002-1.txt | 08/26/02 (03:59:04) | AMaViS-0.2.1 - if ripMIME is used amavis-perl/amavisd is NOT affected | eMail worm W32/Klez may not be detected | old but still valid |
| asa-2001-1.txt | 08/26/02 (03:58:45) | AMaViS-0.2.1 - if reformime is used amavis-perl/amavisd is NOT affected | eMail worm W32/Aliz may not be detected | old still valid |
| asa-2000-5.txt | 12/12/00 (00:00:00) | AMaViS-Perl below AMaViS-Perl-10 | script viruses (i.e. vbs worms) may not be detected | old |
| asa-2000-4.txt | 10/25/00 (19:47:12) | AMaViS-Perl below AMaViS-Perl-8 AMaViS-0.2.1-pre1 / -pre2 AMaViS-0.2.0-pre6-clm-rl-8-12-06-2000 and later AMaViS-Perl-7 provided by SuSE as rpm is *NOT* affected | AMaViS can lose parts of email messages | old |
| asa-2000-3.txt | 08/07/00 (11:49:11) | AMaViS 0.2.1-pre1 if metamail is used | AMaViS is configured with the wrong switches for metamil / no mail splitting | old |
| asa-2000-2.txt | 08/07/00 (11:49:10) | AMaViS 0.2.0-pre6-clm-rl-8-04-07-2000 and later | attacker could pass virus through AMaViS / Denial-of-Service attack against AMaViS | old |
| asa-2000-1.txt | 08/07/00 (11:49:08) | all AMaViS 0.2.x releases using metamail (AMaViS-Perl is NOT affected) | some eMail worms (i.e. KAKworm) may not be detected | still valid |
| © 1997-2007 amavis.org |