ID CVE-2003-0540
Summary The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
Vulnerable Configurations
  • cpe:2.3:a:wietse_venema:postfix:1.0.21
  • cpe:2.3:a:wietse_venema:postfix:1.1.11
  • cpe:2.3:a:wietse_venema:postfix:1.1.12
  • cpe:2.3:a:wietse_venema:postfix:1999-09-06
  • cpe:2.3:a:wietse_venema:postfix:1999-12-31
  • cpe:2.3:a:wietse_venema:postfix:2000-02-28
  • cpe:2.3:a:wietse_venema:postfix:2001-11-15
  • Conectiva Conectiva Linux 7.0
    cpe:2.3:o:conectiva:linux:7.0
  • Conectiva Conectiva Linux 8.0
    cpe:2.3:o:conectiva:linux:8.0
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
exploit-db via4
  • description Postfix 1.1.x Denial of Service Vulnerabilities (1). CVE-2003-0540. DoS exploit for Linux platform
    id EDB-ID:22981
    last seen 2016-02-02
    modified 2003-08-04
    published 2003-08-04
    reporter r3b00t
    source https://www.exploit-db.com/download/22981/
    title Postfix 1.1.x - Denial of Service Vulnerabilities 1
  • description Postfix 1.1.x Denial of Service Vulnerabilities (2). CVE-2003-0540. DoS exploit for Linux platform
    id EDB-ID:22982
    last seen 2016-02-02
    modified 2003-08-04
    published 2003-08-04
    reporter daniels@legend.co.uk
    source https://www.exploit-db.com/download/22982/
    title Postfix 1.1.x - Denial of Service Vulnerabilities 2
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2003_033.NASL
    description The remote host is missing the patch for the advisory SUSE-SA:2003:033 (postfix). Postfix is a flexible MTA replacement for sendmail. Michal Zalewski has reported problems in postfix which can lead to a remote DoS attack or allow attackers to bounce-scan private networks. These problems have been fixed. Even though not all of our products are vulnerable in their default configurations, the updates should be applied. In order for the update to take effect, you have to restart your MTA by issuing the following command as root: '/sbin/rcpostfix restart' Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command 'rpm -Fhv file.rpm' to apply the update.
    last seen 2019-02-21
    modified 2016-12-27
    plugin id 13802
    published 2004-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13802
    title SUSE-SA:2003:033: postfix
  • NASL family SMTP problems
    NASL id POSTFIX_VULNS.NASL
    description The remote host is running a version of Postfix that is as old as or older than 1.1.12. There are two vulnerabilities in this version that could allow an attacker to remotely disable it, or to be used as a DDoS agent against arbitrary hosts.
    last seen 2019-02-21
    modified 2018-09-24
    plugin id 11820
    published 2003-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11820
    title Postfix < 2.0 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-363.NASL
    description The postfix mail transport agent in Debian 3.0 contains two vulnerabilities:
      - CAN-2003-0468: Postfix would allow an attacker to bounce-scan private networks or use the daemon as a DDoS tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP address and either receiving a bounce message or observing queue operations to infer the status of the delivery attempt.
      - CAN-2003-0540: a malformed envelope address can 1) cause the queue manager to lock up until an entry is removed from the queue and 2) lock up the smtp listener leading to a denial of service.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 15200
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15200
    title Debian DSA-363-1 : postfix - denial of service, bounce-scanning
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-081.NASL
    description Two vulnerabilities were discovered in the postfix MTA by Michal Zalewski. Versions prior to 1.1.12 would allow an attacker to bounce-scan private networks or use the daemon as a DDoS (Distributed Denial of Service) tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP address and receiving either a bounce message or by timing. As well, versions prior to 1.1.12 have a bug where a malformed envelope address can cause the queue manager to lock up until an entry is removed from the queue and also lock up the SMTP listener leading to a DoS. Postfix version 1.1.13 corrects these issues. The provided packages have been patched to fix the vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14063
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14063
    title Mandrake Linux Security Advisory : postfix (MDKSA-2003:081)
oval via4
accepted 2010-09-20T04:00:28.470-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
  • name Jonathan Baker
    organization The MITRE Corporation
description The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
family unix
id oval:org.mitre.oval:def:544
status accepted
submitted 2003-09-02T12:00:00.000-04:00
title Denial of Service Vulnerability in Postfix Parser Code
version 36
redhat via4
advisories
rhsa
id RHSA-2003:251
refmap via4
bid 8333
bugtraq 20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning
cert-vn VU#895508
conectiva CLA-2003:717
debian DSA-363
engarde ESA-20030804-019
fulldisc 20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning
mandrake MDKSA-2003:081
secunia 9433
suse SuSE-SA:2003:033
trustix 2003-0029
Last major update 17-10-2016 - 22:35
Published 27-08-2003 - 00:00
Last modified 10-10-2017 - 21:29