CVE-2003-0468

Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717
http://marc.info/?l=bugtraq&m=106001525130257&w=2
http://secunia.com/advisories/9433
http://www.debian.org/security/2003/dsa-363	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2003:081
http://www.novell.com/linux/security/advisories/2003_033_postfix.html
http://www.redhat.com/support/errata/RHSA-2003-251.html
http://www.securityfocus.com/bid/8333
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717
http://marc.info/?l=bugtraq&m=106001525130257&w=2
http://secunia.com/advisories/9433
http://www.debian.org/security/2003/dsa-363	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2003:081
http://www.novell.com/linux/security/advisories/2003_033_postfix.html
http://www.redhat.com/support/errata/RHSA-2003-251.html
http://www.securityfocus.com/bid/8333
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:wietse_venema:postfix:1.0.21:::::::*
	cpe:2.3:a:wietse_venema:postfix:1.1.11:::::::*
	cpe:2.3:a:wietse_venema:postfix:1999-09-06:::::::*
	cpe:2.3:a:wietse_venema:postfix:1999-12-31:::::::*
	cpe:2.3:a:wietse_venema:postfix:2000-02-28:::::::*
	cpe:2.3:a:wietse_venema:postfix:2001-11-15:::::::*
	cpe:2.3:o:conectiva:linux:7.0:::::::*
	cpe:2.3:o:conectiva:linux:8.0:::::::*

History

20 Nov 2024, 23:44

Type	Values Removed	Values Added
References	~~() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717 -~~	() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717 -
References	~~() http://marc.info/?l=bugtraq&m=106001525130257&w=2 -~~	() http://marc.info/?l=bugtraq&m=106001525130257&w=2 -
References	~~() http://secunia.com/advisories/9433 -~~	() http://secunia.com/advisories/9433 -
References	~~() http://www.debian.org/security/2003/dsa-363 - Patch, Vendor Advisory~~	() http://www.debian.org/security/2003/dsa-363 - Patch, Vendor Advisory
References	~~() http://www.mandriva.com/security/advisories?name=MDKSA-2003:081 -~~	() http://www.mandriva.com/security/advisories?name=MDKSA-2003:081 -
References	~~() http://www.novell.com/linux/security/advisories/2003_033_postfix.html -~~	() http://www.novell.com/linux/security/advisories/2003_033_postfix.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2003-251.html -~~	() http://www.redhat.com/support/errata/RHSA-2003-251.html -
References	~~() http://www.securityfocus.com/bid/8333 -~~	() http://www.securityfocus.com/bid/8333 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522 -

Information

Published : 2003-08-27 04:00

Updated : 2024-11-20 23:44

NVD link : CVE-2003-0468

Mitre link : CVE-2003-0468

CVE.ORG link : CVE-2003-0468

JSON object : View

Products Affected

wietse_venema

postfix

conectiva

linux

CWE

NVD-CWE-Other

5.0 /10