CVE-2003-0468

MEDIUM

Description

Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717

http://marc.info/?l=bugtraq&m=106001525130257&w=2

http://secunia.com/advisories/9433

http://www.debian.org/security/2003/dsa-363

http://www.mandriva.com/security/advisories?name=MDKSA-2003:081

http://www.novell.com/linux/security/advisories/2003_033_postfix.html

http://www.redhat.com/support/errata/RHSA-2003-251.html

http://www.securityfocus.com/bid/8333

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522

Details

Source: MITRE

Published: 2003-08-27

Updated: 2017-10-11

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:wietse_venema:postfix:1.0.21:*:*:*:*:*:*:*

cpe:2.3:a:wietse_venema:postfix:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:wietse_venema:postfix:1999-09-06:*:*:*:*:*:*:*

cpe:2.3:a:wietse_venema:postfix:1999-12-31:*:*:*:*:*:*:*

cpe:2.3:a:wietse_venema:postfix:2000-02-28:*:*:*:*:*:*:*

cpe:2.3:a:wietse_venema:postfix:2001-11-15:*:*:*:*:*:*:*

cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

View all (4 total)

ID	Name	Product	Family	Severity
15200	Debian DSA-363-1 : postfix - denial of service, bounce-scanning	Nessus	Debian Local Security Checks	medium
14063	Mandrake Linux Security Advisory : postfix (MDKSA-2003:081)	Nessus	Mandriva Local Security Checks	medium
13802	SUSE-SA:2003:033: postfix	Nessus	SuSE Local Security Checks	medium
11820	Postfix < 2.0 Multiple Vulnerabilities	Nessus	SMTP problems	medium