Vulnerabilities (CVE)

Filtered by vendor Wietse Venema Subscribe
Filtered by product Postfix
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-0337 3 Redhat, Suse, Wietse Venema 4 Enterprise Linux, Enterprise Linux Desktop, Suse Linux and 1 more 2024-11-20 7.5 HIGH N/A
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
CVE-2003-0540 2 Conectiva, Wietse Venema 2 Linux, Postfix 2024-11-20 5.0 MEDIUM N/A
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
CVE-2003-0468 2 Conectiva, Wietse Venema 2 Linux, Postfix 2024-11-20 5.0 MEDIUM N/A
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
CVE-2001-0894 1 Wietse Venema 1 Postfix 2024-11-20 5.0 MEDIUM N/A
Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.