ID CVE-2003-0468
Summary Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDoS attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
References
Vulnerable Configurations
  • cpe:2.3:a:wietse_venema:postfix:1.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:wietse_venema:postfix:1.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:wietse_venema:postfix:1999-09-06:*:*:*:*:*:*:*
  • cpe:2.3:a:wietse_venema:postfix:1999-12-31:*:*:*:*:*:*:*
  • cpe:2.3:a:wietse_venema:postfix:2000-02-28:*:*:*:*:*:*:*
  • cpe:2.3:a:wietse_venema:postfix:2001-11-15:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
accepted 2010-09-20T04:00:27.729-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
  • name Jonathan Baker
    organization The MITRE Corporation
description Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDoS attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
family unix
id oval:org.mitre.oval:def:522
status accepted
submitted 2003-09-02T12:00:00.000-04:00
title Postfix Bounce Scans Vulnerability
version 36
redhat via4
advisories
rhsa
id RHSA-2003:251
refmap via4
bid 8333
bugtraq 20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning
conectiva CLA-2003:717
debian DSA-363
mandrake MDKSA-2003:081
secunia 9433
suse SuSE-SA:2003:033
Last major update 11-10-2017 - 01:29
Published 27-08-2003 - 04:00