Lucene search

CERTVU:895508

HistoryAug 11, 2003 - 12:00 a.m.

Postfix vulnerable to DoS by supplying a remote SMTP listener with a malformed envelope address

2003-08-1100:00:00

www.kb.cert.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.077 Low

EPSS

Percentile

94.2%

JSON

Overview

A denial-of-service vulnerability exists in all versions of Postfix prior to 2.0. This vulnerability may allow a remote attacker to cause mail service interruption.

Description

Postfix is a very popular mail transfer agent (MTA). Michal Zalewski has discovered a denial-of-service vulnerability in Postfix. According to Michal, the vulnerability exists in a portion of code responsible for address parsing. For further technical details, please see Michal’s announcement.

Note that this vulnerability is message-oriented as opposed to connection-oriented. That means that the vulnerability is triggered by the contents of a specially-crafted email message rather than by lower-level network traffic. This is important because an MTA that does not contain the vulnerability may pass the malicious message along to other MTAs that may be protected at the network level. In other words, vulnerable Postfix servers on the interior of a network are still at risk, even if the site’s border MTA uses software other than Postfix.

Impact

Postfix will be unable to deliver email.

Solution

Apply a patch from your vendor.

Workarounds

Based on feedback from the author of Postfix, if recipient name checking is turned on (Recipient name checking is turned off by default in version 1.1.11), mail for <nonexistent@[127.0.0.1]> is rejected.

Vendor Information

895508

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Conectiva __ Affected

Updated: August 08, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

`- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : postfix
SUMMARY : Remote denial of service vulnerability
DATE : 2003-08-04 17:30:00
ID : CLA-2003:717
RELEVANT
RELEASES : 7.0, 8
- -------------------------------------------------------------------------
DESCRIPTION
Postfix[1] is a widely used MTA (Mail Transport Agent, sometimes
called just an email or SMTP server).`

This update for Conectiva Linux 7.0 and 8 fixes two vulnerabilities in Postfix reported[4] by Michal Zalewski:

1. Postfix used as a bounce scanner (CAN-2003-0468)[2] By using specially created recipients, it is possible to make Postfix attempt to establish SMTP sessions with arbitrary hosts on arbitrary ports. This could be used to identify open TCP ports on remote machines or to just generate traffic.

`2. Remote denial of service (CAN-2003-0540)[3]
A malformed address can be used to cause a denial of service
condition in two ways:

by locking up the queue manager: the offending message has to be
manually removed from the queue in order to restore the service;
by locking up the smtpd listener: when supplied with the malformed
address, the listener process will stop responding. Multiple attacks
in parallel will hang many smtpd processes, leading to a denial of
service.
In order to be vulnerable to this issue, the “append_dot_mydomain”
paramater would have to be changed from the default value of “on” to
“off”.`

Conectiva Linux 9 is not vulnerable to any of these issues since it ships with Postfix 2.0.x.

SOLUTION All postfix users should upgrade their packages. The service will be automatically restarted after the upgrade if it was already running.

REFERENCES 1.http://www.postfix.org/ 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0468 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0540 4.http://www.securityfocus.com/archive/1/331713/2003-08-01/2003-08-07/0

UPDATED PACKAGES ``<ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/postfix-1.1.13-1U70_1cl.src.rpm>`` ``<ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postfix-1.1.13-1U70_1cl.i386.rpm>`` ``<ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postfix-doc-1.1.13-1U70_1cl.i386.rpm>`` ``<ftp://atualizacoes.conectiva.com.br/8/SRPMS/postfix-1.1.13-1U80_1cl.src.rpm>`` ``<ftp://atualizacoes.conectiva.com.br/8/RPMS/postfix-1.1.13-1U80_1cl.i386.rpm>`` ``<ftp://atualizacoes.conectiva.com.br/8/RPMS/postfix-doc-1.1.13-1U80_1cl.i386.rpm>``

ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades:

`- run: apt-get update

after that, execute: apt-get upgrade`

Detailed instructions reagarding the use of apt and upgrade examples can be found at ``<http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en>

- ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at ``<http://distro.conectiva.com.br/seguranca/chave/?idioma=en>`` Instructions on how to check the signatures of the RPM packages can be found at ``<http://distro.conectiva.com.br/seguranca/politica/?idioma=en>``
- ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at ``<http://distro.conectiva.com.br/atualizacoes/?idioma=en>``
- ------------------------------------------------------------------------- Copyright (c) 2003 Conectiva Inc. ``<http://www.conectiva.com>``
- ------------------------------------------------------------------------- subscribe: [email protected] unsubscribe: [email protected] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see ``<http://www.gnupg.org>``
iD8DBQE/LsuP42jd0JmAcZARAkSUAKCivRAFCAKjTgB6PgvM39MNhNkgxQCfRKSP jPU9/qm3+LBktPbk8OYk3Jg= =19Fy -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23895508 Feedback>).

Debian __ Affected

Updated: August 18, 2003

Status

Affected

Vendor Statement

Both of these vulnerabilities were fixed in DSA-363-1.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23895508 Feedback>).

Engarde __ Affected

Updated: August 08, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

+------------------------------------------------------------------------+ | Guardian Digital Security Advisory August 04, 2003 | | ``<http://www.guardiandigital.com>`` ESA-20030804-019 | | | | Package: postfix | | Summary: Remote denial-of-service. | +------------------------------------------------------------------------+
EnGarde Secure Linux is an enterprise class Linux platform engineered to enable corporations to quickly and cost-effectively build a complete and secure Internet presence while preventing Internet threats.

`OVERVIEW

-------- Michal Zalewski has discovered a vulnerability in the Postfix MTA which
could lead to a remote DoS attack.`

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0540 to this issue.

Guardian Digital products affected by this issue include:
EnGarde Secure Community v1.0.1 EnGarde Secure Community 2 EnGarde Secure Professional v1.1 EnGarde Secure Professional v1.2 EnGarde Secure Professional v1.5

It is recommended that all users apply this update as soon as possible.
`SOLUTION

-------- Guardian Digital Secure Network subscribers may automatically update
affected systems by accessing their account from within the Guardian
Digital WebTool.`

To modify your GDSN account and contact preferences, please go to:
<https://www.guardiandigital.com/account/>``
Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages:
SRPMS/postfix-20001121-1.0.21.src.rpm MD5 Sum: d595e164f2e48766043486fbc71c32b8

i386/postfix-20001121-1.0.21.i386.rpm MD5 Sum: 4402f4bb441d30c9c631a97ad843700e

i686/postfix-20001121-1.0.21.i686.rpm MD5 Sum: 2750ae2169625dba290e80c13009f258

`REFERENCES

---------- Guardian Digital’s public key:
``<http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY>`

Postfix's Official Web Site: ``<http://www.postfix.org/>

Guardian Digital Advisories: ``<http://infocenter.guardiandigital.com/advisories/>

Security Contact: [email protected]
- -------------------------------------------------------------------------- Author: Ryan W. Maple <[email protected]> Copyright 2003, Guardian Digital, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/Lq7RHD5cqd57fu0RAlOsAJ9k3DyYqp800B2hqsBfQHiKSaOhmQCglIM0 +k8quMhreGMKixrD8WeF8yM= =78Il -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23895508 Feedback>).

Red Hat Inc. __ Affected

Updated: August 08, 2003

Status

Affected

Vendor Statement

Red Hat Linux 7.3, 8.0, and 9 ship with a Postfix package vulnerable to these issues. Updated Postfix packages are available along with our advisory at the URLs below. Users of the Red Hat Network can update their systems using the ‘up2date’ tool.

<https://rhn.redhat.com/errata/RHSA-2003-251.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23895508 Feedback>).

SuSE Inc. __ Affected

Updated: August 08, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
SuSE Security Announcement
Package: postfix Announcement-ID: SuSE-SA:2003:033 Date: Mon Aug 4 13:30:00 MEST 2003 Affected products: 7.2, 7.3, 8.0, 8.1
SuSE Linux Database Server SuSE eMail Server III, 3.1 SuSE Linux Enterprise Server 7, 8 SuSE Linux Connectivity Server SuSE Linux Office Server SuSE Linux Openexchange Server UnitedLinux 1.0 SuSE Linux Desktop 1.0
Vulnerability Type: remote Denial of Service (DoS) attack Severity (1-10): 4 SuSE default package: Since SuSE Linux 8.1. Cross References: CAN-2003-0468
CAN-2003-0540
`Content of this advisory:

security vulnerability resolved: remote DoS in postfix problem description, discussion, solution and upgrade information
pending vulnerabilities, solutions, workarounds: - kernel
standard appendix (further information)`

______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
Postfix is a flexible MTA replacement for sendmail. Michal Zalewski has reported problems in postfix which can lead to
a remote DoS attack or allow attackers to bounce-scan private networks. These problems have been fixed. Even though not all of our products are vulnerable in their default configurations, the updates should be applied.

In order for the update to take effect, you have to restart your MTA by issuing the following command as root:

"/sbin/rcpostfix restart"

Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web.

i386 Intel Platform:
SuSE-8.1: <ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/postfix-1.1.12-12.i586.rpm>
4b3b65905911440051f869b3e95c2c66 patch rpm(s): ``<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/postfix-1.1.12-12.i586.patch.rpm>
e73917624b5adfdbe113909135a50a42 source rpm(s): <ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/postfix-1.1.12-12.src.rpm>
0e5bcc6c3cd95f09c423cf00aac0c303
SuSE-8.0: <ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/postfix-1.1.12-13.i386.rpm>
e0090e0ed051a532a62d787b020ac580 patch rpm(s): <ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/postfix-1.1.12-13.i386.patch.rpm>
8c156ca92ad4be83588041192efe5b60 source rpm(s): ``<ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/postfix-1.1.12-13.src.rpm>
f9389f00de109cea2f0b3b6c27f5a515
SuSE-7.3: <ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/postfix-20010228pl08-22.i386.rpm>
1f4d3af8d10850096bc0260567caa334 source rpm(s): ``<ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/postfix-20010228pl08-22.src.rpm>
0ccc29a957609b3aeb2c12f3cc85284d
SuSE-7.2: <ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/postfix-20010228pl03-82.i386.rpm>
444f983a8c8f0d18621a1e8b4c3dd260 source rpm(s): ``<ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/postfix-20010228pl03-82.src.rpm>
6d479bd0ed90bc7dc59a4201327ffc05

Sparc Platform:
SuSE-7.3: <ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/postfix-20010228pl08-15.sparc.rpm>
83eb074dbcedae2c9947006b4c0411d2 source rpm(s): ``<ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/postfix-20010228pl08-15.src.rpm>
ec7ae58e31fd2ec63ccd881454372307

PPC Power PC Platform:
SuSE-7.3: <ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/postfix-20010228pl08-36.ppc.rpm>
f7b331c15b7bf705274afe2665e9e187 source rpm(s): <ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/postfix-20010228pl08-36.src.rpm>
f2e5aa58e24599777a95dce715c3bcad
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- kernel Various bugs inside the kernel have been reported recently. The most important ones are
`- NFSv3 remote DoS

netfilter DoS
/proc infoleak
race condition in the ELF loader These bugs are fixed. The new kernel packages will be approved as soon as
the testing is finished.`

______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
`SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:

md5sums as provided in the (cryptographically signed) announcement.
using the internal gpg signatures of the rpm package.`

1) execute the command md5sum <name-of-the-file.rpm>
after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key [email protected]), the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless.

2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command
rpm -v --checksig <file.rpm> to verify the signature of the package, where <file.rpm> is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites:
a) gpg is installed b) The package is signed using a certain key. The public part of this
key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root):
gpg --batch; gpg < announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key "[email protected]" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at <ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de>`` .

- SuSE runs two security mailing lists to which any interested party may subscribe:

`[email protected]

general/linux/SuSE security discussion. All SuSE security announcements are sent to this list.
To subscribe, send an email to <[email protected]>.
[email protected]
SuSE’s announce-only mailing list. Only SuSE’s security announcements are sent to this list.
To subscribe, send an email to <[email protected]>.
For general information or the frequently asked questions (faq)
send mail to: <[email protected]> or
<[email protected]> respectively.`

===================================================================== SuSE's security contact is <[email protected]> or <[email protected]>. The <[email protected]> public key is listed below. =====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <[email protected]> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <[email protected]>
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see <http://www.gnupg.org>
`mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC

-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iQEVAwUBPy5NNney5gA9JdPZAQGNTwf/ThT8WIpdODuOOS3Ppz7giCzglbLEEinr
3A87mrnRdzumggoPuuXU6yMRTugBdcpBihfS/kHzoHjhx1g0PA3qi3Rer4RaqyDn
Kc+LMrX2/u8XtClXfkMuJinZ6YXE9p1Z6xeRkgOgZnlWtlIegZMXlIPcnTFa4jeC
c2sgFIHUoeSoTQLtML6xILqpmh2fpGlQSxuuMGfNMChV4s+Khz99vKSnCe9uuFqX
HmtzqRzl3CdSMWMWGPpGq+ZlE5KmwC9MYZS1SPKoTs/9CIoj14Yxk3EMW4xVZ/aa
xuEBCimOhqinUuIpVKkQinfpvBDU1FFR9CwUBBJNn5JbVtI25/5sZw==
=znPh
-----END PGP SIGNATURE-----`

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23895508 Feedback>).

Trusix __ Affected

Updated: August 08, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

- -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2003-0029
Package name: postfix Summary: Denial of service Date: 2003-08-04 Affected versions: TSL 1.2, 1.5
- -------------------------------------------------------------------------- Package description:
Postfix is an alternative to the sendmail mailer daemon. Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users.

Problem description: From the Postfix 1.1.13 release notes: This patch fixes a denial of service condition in the Postfix smtpd, qmgr, and other programs that use the trivial-rewrite service. The problem is triggered when an invalid address resolves to an impossible result. This causes the affected programs to reject the result and to retry the trivial-rewrite request indefinitely.

Action: We recommend that all systems with this package installed be upgraded.

Location: All TSL updates are available from <URI:``<http://www.trustix.net/pub/Trustix/updates/>``> <URI:``<ftp://ftp.trustix.net/pub/Trustix/updates/>``>

About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Users of TSL 1.2 can get SWUP from: <URI:``<ftp://ftp.trustix.net/pub/Trustix/software/swup/>``> (In later versions of TSL, SWUP is included in the default installation.)

Public testing: These packages have been available for public testing for some time. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist. The testing tree is located at <URI:``<http://www.trustix.net/pub/Trustix/testing/>``> <URI:``<ftp://ftp.trustix.net/pub/Trustix/testing/>``>

Questions? Check out our mailing lists: <URI:``<http://www.trustix.net/support/>``>

Verification: This advisory along with all TSL packages are signed with the TSL sign key. This key is available from: <URI:``<http://www.trustix.net/TSL-GPG-KEY>``>

The advisory itself is available from the errata pages at <URI:``<http://www.trustix.net/errata/trustix-1.2/>``>, <URI:``<http://www.trustix.net/errata/trustix-1.5/>``> and or directly at <URI:``<http://www.trustix.net/errata/misc/2003/TSL-2003-0029-postfix.asc.txt>``>

Not Affected

Vendor Statement

The version of Postfix included in Openwall GNU/*/Linux is not vulnerable to this DoS attack in its default configuration. We will fully address this issue with the next scheduled update of our Postfix package."

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23895508 Feedback>).

View all 12 vendors __View less vendors __

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was discovered by Michal Zalewski. The CERT/CC thanks Michal for providing information upon which this document is based. We also thank the author of Postfix, Wietse Venema, for his help in understanding the vulnerability.

This document was written by Ian A Finlay.