Mac OS X Postfix SMTPD AUTH Username Overflow DoS

2004-10-04T00:00:00
ID OSVDB:10500
Type osvdb
Reporter Michael Rondinelli
Modified 2004-10-04T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when SMTPD AUTH is enabled and Postfix fails to clear the username buffer after each authentication attempt, which will result in loss of availability for the service. This flaw was introduced by Apple-specific patches to Postfix, and does not exist in the original Postfix source.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1011532
Secunia Advisory ID: 12690
Mail List Post: http://marc.theaimsgroup.com/?l=postfix-users&m=109700578823929&w=2
ISS X-Force ID: 17595
CVE-2004-0925
CIAC Advisory: p-002
Bugtraq ID: 11323