ID SUSE_11_2_POSTFIX-100201.NASL Type nessus Reporter This script is Copyright (C) 2010-2021 Tenable Network Security, Inc. Modified 2010-02-16T00:00:00
Description
The value of SMTPD_LISTEN_REMOTE accidentally defaulted to 'yes', so
the postfix smtp daemon was reachable over the network by default.
This update resets the value to 'no' in /etc/sysconfig/mail. If you
intentionally want postfix to listen for remote connections, you need
to manually set it to 'yes' again.
This update also fixes a problem where the relay database was not
created and postfix refused to start.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update postfix-1969.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  # Registration pass: only plugin metadata is declared here, and the
  # exit(0) at the end of this block stops the script before any host
  # check runs.
  script_id(44623);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-0230");

  script_name(english:"openSUSE Security Update : postfix (postfix-1969)");
  script_summary(english:"Check for the postfix-1969 patch");

  script_set_attribute(attribute:"synopsis", value:"The remote openSUSE host is missing a security update.");

  # The advisory text is a multi-line string literal; its continuation
  # lines must stay at column 0, otherwise the indentation would become
  # part of the reported description.
  script_set_attribute(attribute:"description", value:
"The value of SMTPD_LISTEN_REMOTE accidentally defaulted to 'yes'. The
postfix smtp daemon therefore was reachable over the network by
default. This update therefore resets the value to 'no' in
/etc/sysconfig/mail. If you intentionally want postfix to listen for
remote connection you need to manually set it to 'yes' again.
This update also fixes a problem where the relay database was not
created and postfix refused to start.");

  # Vendor bug references, kept in their original order.
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=547928");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=549612");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=552270");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=555732");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=555814");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=557239");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=566665");

  # NOTE(review): the only remediation advertised is the package update.
  # The exposure described above is a configuration default, so the
  # effective SMTPD_LISTEN_REMOTE value in /etc/sysconfig/mail is worth
  # confirming on the host as well.
  script_set_attribute(attribute:"solution", value:"Update the affected postfix packages.");

  # Severity metadata: network-reachable, no authentication, partial
  # C/I/A impact (CVSS v2), filed under CWE-264.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cwe_id(264);

  # "local" plugin type: the result comes from data collected on the host
  # (the installed RPM list), not from probing the SMTP port.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postfix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postfix-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postfix-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postfix-postgresql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/02/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  # Scheduling prerequisites: ssh_get_info.nasl is declared as a
  # dependency, and the KB keys listed below are the same ones the check
  # phase reads (local-checks flag, SuSE release, RPM list, CPU).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Check phase. Each gate below hands off to audit() (audit.inc), which is
# expected to end the plugin with the matching audit message when the
# host is out of scope.

# Gate 1: local (credentialed) checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Gate 2: openSUSE only. Enterprise releases (SLED/SLES) are rejected
# first, then anything other than exactly SUSE11.2.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)")
  audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.2)$")
  audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);

# Gate 3: without the collected RPM list there is nothing to compare.
if (!get_kb_item("Host/SuSE/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Gate 4: only the architectures this update was published for.
ourarch = get_kb_item("Host/cpu");
if (!ourarch)
  audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$")
  audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

# Compare every postfix package against the fixed build 2.6.1-2.6.1.
# rpm_check() (rpm.inc) is expected to return true when the installed
# package is older than the reference; flag counts those hits.
#
# NOTE(review): this is a package-version comparison only. Nothing here
# reads /etc/sysconfig/mail, so a host that carries the fixed package but
# has SMTPD_LISTEN_REMOTE set back to 'yes' is audited as not affected
# even though smtpd is reachable over the network. Confirm the setting
# (and the addresses smtpd is bound to) separately when the exposure
# itself matters.
flag = 0;
postfix_fixed_refs = make_list(
  "postfix-2.6.1-2.6.1",
  "postfix-devel-2.6.1-2.6.1",
  "postfix-mysql-2.6.1-2.6.1",
  "postfix-postgresql-2.6.1-2.6.1"
);
foreach postfix_ref (postfix_fixed_refs)
{
  if ( rpm_check(release:"SUSE11.2", reference:postfix_ref) ) flag++;
}

if (!flag)
{
  # No outdated package found: tell "installed and already fixed" apart
  # from "none of the packages installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postfix / postfix-devel / postfix-mysql / postfix-postgresql");
}
else
{
  # At least one package predates the fix: raise the finding, attaching
  # the per-package RPM report when report verbosity allows it.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
{"id": "SUSE_11_2_POSTFIX-100201.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : postfix (postfix-1969)", "description": "The value of SMTPD_LISTEN_REMOTE accidentally defaulted to 'yes'. The\npostfix smtp daemon therefore was reachable over the network by\ndefault. This update therefore resets the value to 'no' in\n/etc/sysconfig/mail. If you intentionally want postfix to listen for\nremote connection you need to manually set it to 'yes' again.\n\nThis update also fixes a problem where the relay database was not\ncreated and postfix refused to start.", "published": "2010-02-16T00:00:00", "modified": "2010-02-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/44623", "reporter": "This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=555814", "https://bugzilla.novell.com/show_bug.cgi?id=557239", "https://bugzilla.novell.com/show_bug.cgi?id=552270", "https://bugzilla.novell.com/show_bug.cgi?id=566665", "https://bugzilla.novell.com/show_bug.cgi?id=549612", "https://bugzilla.novell.com/show_bug.cgi?id=547928", "https://bugzilla.novell.com/show_bug.cgi?id=555732"], "cvelist": ["CVE-2010-0230"], "type": "nessus", "lastseen": "2021-01-17T14:06:29", "edition": 24, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-0230"]}, {"type": "openvas", "idList": ["OPENVAS:850126", "OPENVAS:1361412562310850126"]}, {"type": "suse", "idList": ["SUSE-SA:2010:011"]}], "modified": "2021-01-17T14:06:29", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-01-17T14:06:29", "rev": 2}, "vulnersScore": 6.0}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update postfix-1969.\n#\n# The text description of this plugin is 
(C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44623);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0230\");\n\n script_name(english:\"openSUSE Security Update : postfix (postfix-1969)\");\n script_summary(english:\"Check for the postfix-1969 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The value of SMTPD_LISTEN_REMOTE accidentally defaulted to 'yes'. The\npostfix smtp daemon therefore was reachable over the network by\ndefault. This update therefore resets the value to 'no' in\n/etc/sysconfig/mail. If you intentionally want postfix to listen for\nremote connection you need to manually set it to 'yes' again.\n\nThis update also fixes a problem where the relay database was not\ncreated and postfix refused to start.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=547928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=549612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=552270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=555732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=555814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=557239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=566665\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postfix packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postfix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postfix-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postfix-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postfix-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"postfix-2.6.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", 
reference:\"postfix-devel-2.6.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"postfix-mysql-2.6.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"postfix-postgresql-2.6.1-2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postfix / postfix-devel / postfix-mysql / postfix-postgresql\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "44623", "cpe": ["p-cpe:/a:novell:opensuse:postfix-devel", "p-cpe:/a:novell:opensuse:postfix-mysql", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:postfix-postgresql", "p-cpe:/a:novell:opensuse:postfix"], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:44:55", "description": "SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.", "edition": 4, "cvss3": {}, "published": "2010-01-22T21:30:00", "title": "CVE-2010-0230", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0230"], "modified": "2011-04-28T04:00:00", "cpe": ["cpe:/o:suse:suse_linux:10", "cpe:/o:suse:opensuse:11.2"], "id": "CVE-2010-0230", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0230", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:suse:suse_linux:10:sp3:enterprise_server:*:*:*:*:*", "cpe:2.3:o:suse:opensuse:11.2:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux:10:sp3:enterprise_desktop:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-02T10:54:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0230"], "description": "Check for the Version of postfix", "modified": "2017-12-29T00:00:00", "published": "2010-02-19T00:00:00", "id": "OPENVAS:1361412562310850126", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850126", "type": "openvas", "title": "SuSE Update for postfix SUSE-SA:2010:011", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for postfix SUSE-SA:2010:011\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The value of SMTPD_LISTEN_REMOTE accidentally defaulted to 'yes'. The postfix\n smtp daemon therefore was reachable over the network by default.\n This update resets the value to 'no' in /etc/sysconfig/mail. 
If you\n intentionally want postfix to listen for remote connections you need to\n manually set it to 'yes' again.\n\n This update also fixes a problem where the relay database was not created and\n postfix refused to start.\";\n\ntag_impact = \"remote denial of service\";\ntag_affected = \"postfix on openSUSE 11.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850126\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-19 13:38:15 +0100 (Fri, 19 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUSE-SA\", value: \"2010-011\");\n script_cve_id(\"CVE-2010-0230\");\n script_name(\"SuSE Update for postfix SUSE-SA:2010:011\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of postfix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"postfix-debuginfo\", rpm:\"postfix-debuginfo~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix-debugsource\", rpm:\"postfix-debugsource~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix-mysql-debuginfo\", rpm:\"postfix-mysql-debuginfo~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix-postgresql-debuginfo\", rpm:\"postfix-postgresql-debuginfo~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix\", rpm:\"postfix~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix-devel\", rpm:\"postfix-devel~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix-doc\", rpm:\"postfix-doc~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix-mysql\", rpm:\"postfix-mysql~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix-postgresql\", rpm:\"postfix-postgresql~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0230"], "description": "Check for the Version of postfix", "modified": "2017-12-14T00:00:00", "published": "2010-02-19T00:00:00", "id": "OPENVAS:850126", "href": "http://plugins.openvas.org/nasl.php?oid=850126", "type": "openvas", "title": "SuSE Update for postfix SUSE-SA:2010:011", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for postfix SUSE-SA:2010:011\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The value of SMTPD_LISTEN_REMOTE accidentally defaulted to 'yes'. The postfix\n smtp daemon therefore was reachable over the network by default.\n This update resets the value to 'no' in /etc/sysconfig/mail. 
If you\n intentionally want postfix to listen for remote connections you need to\n manually set it to 'yes' again.\n\n This update also fixes a problem where the relay database was not created and\n postfix refused to start.\";\n\ntag_impact = \"remote denial of service\";\ntag_affected = \"postfix on openSUSE 11.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850126);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-19 13:38:15 +0100 (Fri, 19 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUSE-SA\", value: \"2010-011\");\n script_cve_id(\"CVE-2010-0230\");\n script_name(\"SuSE Update for postfix SUSE-SA:2010:011\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of postfix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"postfix-debuginfo\", rpm:\"postfix-debuginfo~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"postfix-debugsource\", rpm:\"postfix-debugsource~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix-mysql-debuginfo\", rpm:\"postfix-mysql-debuginfo~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix-postgresql-debuginfo\", rpm:\"postfix-postgresql-debuginfo~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix\", rpm:\"postfix~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix-devel\", rpm:\"postfix-devel~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix-doc\", rpm:\"postfix-doc~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix-mysql\", rpm:\"postfix-mysql~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postfix-postgresql\", rpm:\"postfix-postgresql~2.6.1~2.6.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:41:56", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0230"], "description": "The value of SMTPD_LISTEN_REMOTE accidentally defaulted to 'yes'. The postfix smtp daemon therefore was reachable over the network by default. This update resets the value to 'no' in /etc/sysconfig/mail. If you intentionally want postfix to listen for remote connections you need to manually set it to 'yes' again. 
This update also fixes a problem where the relay database was not created and postfix refused to start.\n#### Solution\nManually set SMTPD_LISTEN_REMOTE to 'no' and run # SuSEconfig --module postfix", "edition": 1, "modified": "2010-02-15T15:47:45", "published": "2010-02-15T15:47:45", "id": "SUSE-SA:2010:011", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00004.html", "type": "suse", "title": "remote denial of service in postfix", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}