Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-363
HistoryAug 03, 2003 - 12:00 a.m.

postfix - denial of service, bounce-scanning

2003-08-0300:00:00
Google
osv.dev
7

0.077 Low

EPSS

Percentile

94.2%

JSON

The postfix mail transport agent in Debian 3.0 contains two
vulnerabilities:


  • CAN-2003-0468    : Postfix would allow an attacker to bounce-scan private
    networks or use the daemon as a DDoS tool by forcing the daemon to
    connect to an arbitrary service at an arbitrary IP address and
    either receiving a bounce message or observing queue operations to
    infer the status of the delivery attempt.

  • CAN-2003-0540    : a malformed envelope address can 1) cause the queue
    manager to lock up until an entry is removed from the queue and 2)
    lock up the smtp listener leading to a denial of service.

For the current stable distribution (woody) these problems have been
fixed in version 1.1.11-0.woody3.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you update your postfix package.

Related

openvas 2
nessus 4
cert 1
exploitpack 2
securityvulns 1
seebug 2
suse 1
debian 1
exploitdb 2
debiancve 2
cvelist 2
cve 2
nvd 2
openvas
openvas
Debian Security Advisory DSA 363-1 (postfix)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-363)
2008-01-17 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : postfix (MDKSA-2003:081)
2004-07-31 00:00:00
Debian DSA-363-1 : postfix - denial of service, bounce-scanning
2004-09-29 00:00:00
SUSE-SA:2003:033: postfix
2004-07-25 00:00:00
cert
cert
Postfix vulnerable to DoS by supplying a remote SMTP listener with a malformed envelope address
2003-08-11 00:00:00
exploitpack
exploitpack
Postfix 1.1.x - Denial of Service (1)
2003-08-04 00:00:00
Postfix 1.1.x - Denial of Service (2)
2003-08-04 00:00:00
securityvulns
securityvulns
[Full-Disclosure] Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning
2003-08-04 00:00:00
seebug
seebug
Postfix 1.1.x Denial of Service Vulnerabilities (2)
2014-07-01 00:00:00
Postfix 1.1.x Denial of Service Vulnerabilities (1)
2014-07-01 00:00:00
suse
suse
remote Denial of Service (DoS) attack in postfix
2003-08-04 12:19:27
debian
debian
[SECURITY] [DSA-363-1] New postfix packages fix remote denial of service, bounce scanning
2003-08-03 22:25:40
exploitdb
exploitdb
Postfix 1.1.x - Denial of Service (1)
2003-08-04 00:00:00
Postfix 1.1.x - Denial of Service (2)
2003-08-04 00:00:00
debiancve
debiancve
CVE-2003-0540
2003-08-27 04:00:00
CVE-2003-0468
2003-08-27 04:00:00
cvelist
cvelist
CVE-2003-0468
2003-08-05 04:00:00
CVE-2003-0540
2003-08-05 04:00:00
cve
cve
CVE-2003-0468
2003-08-27 04:00:00
CVE-2003-0540
2003-08-27 04:00:00
nvd
nvd
CVE-2003-0468
2003-08-27 04:00:00
CVE-2003-0540
2003-08-27 04:00:00

0.077 Low

EPSS

Percentile

94.2%

JSON
Related for OSV:DSA-363
openvas2nessus4cert1exploitpack2securityvulns1seebug2suse1debian1exploitdb2debiancve2cvelist2cve2nvd2