Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0468

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0468
Last Modified 10 Sep 2008 03:19:05
Published 27 Aug 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0468

Summary

Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.

Vulnerable Systems

Operating System

  • Conectiva Linux 7.0

  • Conectiva Linux 8.0

Application

  • Wietse Venema Postfix 1.0.21

  • Wietse Venema Postfix 1.1.11

  • Wietse Venema Postfix 1999-09-06

  • Wietse Venema Postfix 1999-12-31

  • Wietse Venema Postfix 2000-02-28

  • Wietse Venema Postfix 2001-11-15


References

DEBIAN - DSA-363

BUGTRAQ - 20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning

BID - 8333

REDHAT - RHSA-2003:251

SUSE - SuSE-SA:2003:033

SECUNIA - 9433

MANDRAKE - MDKSA-2003:081

CONECTIVA - CLA-2003:717


Last Updated: 27 May 2016 10:37:56