858 matches found
SUSE CVE-2023-32182
An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before...
SUSE SLED15 / SLES15 Security Update : postfix (SUSE-SU-2023:3394-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3394-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
SUSE-SU-2023:3394-1 Security update for postfix
This update for postfix fixes the following issues: - CVE-2023-32182: Fixed configpostfix SUSE specific script potentially bad /tmp file usage bsc1211196. - Update from 3.7.2 to 3.7.3: - Fixes a bug where some messages were not delivered after 'warning: Unexpected record type 'X'. bsc1213515...
Amazon Linux AMI : db4 (ALAS-2023-1726)
The version of db4 installed on the remote host is prior to 4.7.25-22.13. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1726 advisory. Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges ...
Important: db4
Issue Overview: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory...
Amazon Linux 2 : libdb (ALAS-2023-1965)
The version of libdb installed on the remote host is prior to 5.3.21-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1965 advisory. Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges ...
Important: libdb
Issue Overview: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory...
SUSE CVE-2003-0468
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDoS attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate...
SUSE CVE-2003-0540
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) v...
SUSE CVE-2005-0337
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname...
SUSE CVE-2007-3791
Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party informati...
SUSE CVE-2008-2936
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...
SUSE CVE-2008-2937
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name...
SUSE CVE-2008-3889
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as...
SUSE CVE-2008-4977
postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue...
SUSE CVE-2010-0230
SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions...
SUSE CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...
SUSE CVE-2011-1720
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...
SUSE CVE-2012-0811
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generate...
SUSE CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...