CVE-2003-0468

medium

Description

Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522

http://www.securityfocus.com/bid/8333

http://www.redhat.com/support/errata/RHSA-2003-251.html

http://www.novell.com/linux/security/advisories/2003_033_postfix.html

http://www.mandriva.com/security/advisories?name=MDKSA-2003:081

http://www.debian.org/security/2003/dsa-363

http://secunia.com/advisories/9433

http://marc.info/?l=bugtraq&m=106001525130257&w=2

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717

Details

Source: Mitre, NVD

Published: 2003-08-27

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium