CVE-2003-0468

MEDIUM

Description

Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDoS attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717

http://marc.info/?l=bugtraq&m=106001525130257&w=2

http://secunia.com/advisories/9433

http://www.debian.org/security/2003/dsa-363

http://www.mandriva.com/security/advisories?name=MDKSA-2003:081

http://www.novell.com/linux/security/advisories/2003_033_postfix.html

http://www.redhat.com/support/errata/RHSA-2003-251.html

http://www.securityfocus.com/bid/8333

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522

Details

Source: MITRE

Published: 2003-08-27

Updated: 2017-10-11

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM