Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0540

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0540
Last Modified 10 Sep 2008 03:19:33
Published 27 Aug 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0540

Summary

The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.

Vulnerable Systems

Operating System

  • Conectiva Linux 7.0

  • Conectiva Linux 8.0

Application

  • Wietse Venema Postfix 1.0.21

  • Wietse Venema Postfix 1.1.11

  • Wietse Venema Postfix 1.1.12

  • Wietse Venema Postfix 1999-09-06

  • Wietse Venema Postfix 1999-12-31

  • Wietse Venema Postfix 2000-02-28

  • Wietse Venema Postfix 2001-11-15


References

CERT-VN - VU#895508

REDHAT - RHSA-2003:251

DEBIAN - DSA-363

BID - 8333

SUSE - SuSE-SA:2003:033

ENGARDE - ESA-20030804-019

SECUNIA - 9433

TRUSTIX - 2003-0029

FULLDISC - 20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning

CONECTIVA - CLA-2003:717

MANDRAKE - MDKSA-2003:081


Last Updated: 27 May 2016 10:37:57