Ubuntu 4.10 : postfix vulnerability (USN-74-1)

Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Jean-Samuel Reynaud noticed a programming error in the IPv6 handling
code of Postfix when /proc/net/if_inet6 is not available (which is the
case in Ubuntu since Postfix runs in a chroot). If 'permit_mx_backup'
was enabled in the 'smtpd_recipient_restrictions', Postfix turned into
an open relay, i. e. erroneously permitted the delivery of arbitrary
mail to any MX host which has an IPv6 address.

Solution :

Update the affected packages.

Risk factor :

High

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20695 ()

Bugtraq ID:

CVE ID: