ID CVE-2003-0468
Summary Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDoS attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
References
Vulnerable Configurations
  • cpe:2.3:a:wietse_venema:postfix:1.0.21
  • cpe:2.3:a:wietse_venema:postfix:1.1.11
  • cpe:2.3:a:wietse_venema:postfix:1999-09-06
  • cpe:2.3:a:wietse_venema:postfix:1999-12-31
  • cpe:2.3:a:wietse_venema:postfix:2000-02-28
  • cpe:2.3:a:wietse_venema:postfix:2001-11-15
  • Conectiva Conectiva Linux 7.0
    cpe:2.3:o:conectiva:linux:7.0
  • Conectiva Conectiva Linux 8.0
    cpe:2.3:o:conectiva:linux:8.0
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2003_033.NASL
    description The remote host is missing the patch for the advisory SUSE-SA:2003:033 (postfix). Postfix is a flexible MTA replacement for sendmail. Michal Zalewski has reported problems in postfix which can lead to a remote DoS attack or allow attackers to bounce-scan private networks. These problems have been fixed. Even though not all of our products are vulnerable in their default configurations, the updates should be applied. In order for the update to take effect, you have to restart your MTA by issuing the following command as root: '/sbin/rcpostfix restart' Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command 'rpm -Fhv file.rpm' to apply the update.
    last seen 2019-02-21
    modified 2016-12-27
    plugin id 13802
    published 2004-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13802
    title SUSE-SA:2003:033: postfix
  • NASL family SMTP problems
    NASL id POSTFIX_VULNS.NASL
    description The remote host is running a version of Postfix that is as old as or older than 1.1.12. There are two vulnerabilities in this version that could allow an attacker to remotely disable it, or to be used as a DDoS agent against arbitrary hosts.
    last seen 2019-02-21
    modified 2018-09-24
    plugin id 11820
    published 2003-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11820
    title Postfix < 2.0 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-363.NASL
    description The postfix mail transport agent in Debian 3.0 contains two vulnerabilities : - CAN-2003-0468: Postfix would allow an attacker to bounce-scan private networks or use the daemon as a DDoS tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP address and either receiving a bounce message or observing queue operations to infer the status of the delivery attempt. - CAN-2003-0540: a malformed envelope address can 1) cause the queue manager to lock up until an entry is removed from the queue and 2) lock up the smtp listener leading to a denial of service.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 15200
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15200
    title Debian DSA-363-1 : postfix - denial of service, bounce-scanning
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-081.NASL
    description Two vulnerabilities were discovered in the postfix MTA by Michal Zalewski. Versions prior to 1.1.12 would allow an attacker to bounce-scan private networks or use the daemon as a DDoS (Distributed Denial of Service) tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP address and receiving either a bounce message or by timing. As well, versions prior to 1.1.12 have a bug where a malformed envelope address can cause the queue manager to lock up until an entry is removed from the queue and also lock up the SMTP listener leading to a DoS. Postfix version 1.1.13 corrects these issues. The provided packages have been patched to fix the vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14063
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14063
    title Mandrake Linux Security Advisory : postfix (MDKSA-2003:081)
oval via4
accepted 2010-09-20T04:00:27.729-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
  • name Jonathan Baker
    organization The MITRE Corporation
description Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDoS attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
family unix
id oval:org.mitre.oval:def:522
status accepted
submitted 2003-09-02T12:00:00.000-04:00
title Postfix Bounce Scans Vulnerability
version 36
redhat via4
advisories
rhsa
id RHSA-2003:251
refmap via4
bid 8333
bugtraq 20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning
conectiva CLA-2003:717
debian DSA-363
mandrake MDKSA-2003:081
secunia 9433
suse SuSE-SA:2003:033
Last major update 17-10-2016 - 22:34
Published 27-08-2003 - 00:00
Last modified 10-10-2017 - 21:29