AMaViS - Security Announcements

There are currently no known vulnerabilities pending. Security issues should be reported to security at amavis dot org

filenamelast modifiedaffected versionsvulernability typepriority
asa-2007-3.txt06/06/07 (18:00:28)amavis/amavisd/amavisd-new GNU file utility integer underflow/possible DoSurgent
asa-2007-2.txt05/17/07 (10:08:34)amavis/amavisd/amavisd-new/amavis-ng ZOO archive decompression infinite loop DoSurgent
asa-2007-1.txt03/26/07 (17:20:17)amavis/amavisd/amavisd-new GNU file utility integer underflowurgent
asa-2006-1.txt02/08/07 (22:12:31)amavis/amavisd/amavisd-new/amavis-ngConvert::UUlib 1.04 exploitable buffer overflowurgent
asa-2004-6.txt10/26/04 (20:35:06)amavis/amavisd/amavisd-new/amavis-ngbypass of malicious code due to manipulated ZIP fileurgent
asa-2004-5.txt08/04/04 (18:50:11)AMaViS 0.2.1 (if ripMIME is used)ripMIME decoding issueurgent
asa-2004-4.txt07/21/04 (19:21:19)AMaViS 0.1.x / 0.2.xsecurity maintenance ends on 2004-08-01urgent
asa-2004-3.txt05/02/04 (17:23:01)all AMaViS versionsLHa buffer overflows and directory traversal problemsurgent
asa-2004-2.txt03/06/04 (22:09:24)AMaViS 0.1.x / 0.2.x if metamail is usedpossible remote system compromiseurgent
asa-2004-1.txt01/19/04 (21:29:18)AMaViS 0.2.x/0.3.x/amavisd
below amavisd-new-20021116
amavis-ng
special-crafted compressed file(s) may cause heavy server load or even DoSurgent
asa-2003-2.txt09/15/03 (20:04:47)AMaViS-0.1x/0.2.x/0.3.x/amavisd
amavisd-new below 20021227-p2
virus notifications may generate enormous traffic and annoy innocent peoplenormal
asa-2003-1.txt03/11/03 (17:07:01)AMaViS-0.1.x/0.2.x/0.3.x/amavisd
amavis-ng is NOT affected
arbitrary code execution through buffer overflow in GNU file(1)urgent
asa-2002-2.txt09/05/02 (07:45:36)AMaViS-0.1.x/0.2.x
amavis-perl/amavisd is NOT affected
potential DoS attack by special crafted TAR filesold still valid
asa-2002-1.txt08/26/02 (10:59:04)AMaViS-0.2.1 - if ripMIME is used
amavis-perl/amavisd is NOT affected
eMail worm W32/Klez may not be detectedold but still valid
asa-2001-1.txt08/26/02 (10:58:45)AMaViS-0.2.1 - if reformime is used
amavis-perl/amavisd is NOT affected
eMail worm W32/Aliz may not be detectedold still valid
asa-2000-5.txt12/12/00 (08:00:00)AMaViS-Perl below AMaViS-Perl-10script viruses (i.e. vbs worms) may not be detectedold
asa-2000-4.txt10/26/00 (02:47:12)AMaViS-Perl below AMaViS-Perl-8
AMaViS-0.2.1-pre1 / -pre2
AMaViS-0.2.0-pre6-clm-rl-8-12-06-2000 and later
AMaViS-Perl-7 provided by SuSE as rpm is *NOT* affected
AMaViS can lose parts of email messagesold
asa-2000-3.txt08/07/00 (18:49:11)AMaViS 0.2.1-pre1 if metamail is usedAMaViS is configured with the wrong switches for metamil / no mail splittingold
asa-2000-2.txt08/07/00 (18:49:10)AMaViS 0.2.0-pre6-clm-rl-8-04-07-2000 and laterattacker could pass virus through AMaViS / Denial-of-Service attack against AMaViSold
asa-2000-1.txt08/07/00 (18:49:08)all AMaViS 0.2.x releases using metamail
(AMaViS-Perl is NOT affected)
some eMail worms (i.e. KAKworm) may not be detectedstill valid

[Powered by Google]   Translate this page to      

© 1997-2007 amavis.org
Wed Feb 22 08:30:12 2017 http://amavis.sourceforge.net/security/index.php
Codebase: Revision: v0.2.7 (Wed Jul 22 03:05:59 2015 by reniar)