| ID |
CVE-2003-0540
|
| Summary |
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:wietse_venema:postfix:1.0.21:*:*:*:*:*:*:*
cpe:2.3:a:wietse_venema:postfix:1.0.21:*:*:*:*:*:*:*
-
cpe:2.3:a:wietse_venema:postfix:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:wietse_venema:postfix:1.1.11:*:*:*:*:*:*:*
-
cpe:2.3:a:wietse_venema:postfix:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:wietse_venema:postfix:1.1.12:*:*:*:*:*:*:*
-
cpe:2.3:a:wietse_venema:postfix:1999-09-06:*:*:*:*:*:*:*
cpe:2.3:a:wietse_venema:postfix:1999-09-06:*:*:*:*:*:*:*
-
cpe:2.3:a:wietse_venema:postfix:1999-12-31:*:*:*:*:*:*:*
cpe:2.3:a:wietse_venema:postfix:1999-12-31:*:*:*:*:*:*:*
-
cpe:2.3:a:wietse_venema:postfix:2000-02-28:*:*:*:*:*:*:*
cpe:2.3:a:wietse_venema:postfix:2000-02-28:*:*:*:*:*:*:*
-
cpe:2.3:a:wietse_venema:postfix:2001-11-15:*:*:*:*:*:*:*
cpe:2.3:a:wietse_venema:postfix:2001-11-15:*:*:*:*:*:*:*
-
cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*
-
cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 5.0 (as of 11-10-2017 - 01:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| oval
via4
|
| accepted | 2010-09-20T04:00:28.470-04:00 | | class | vulnerability | | contributors | | name | Jay Beale | | organization | Bastille Linux |
| name | Thomas R. Jones | | organization | Maitreya Security |
| name | Jonathan Baker | | organization | The MITRE Corporation |
| | description | The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up. | | family | unix | | id | oval:org.mitre.oval:def:544 | | status | accepted | | submitted | 2003-09-02T12:00:00.000-04:00 | | title | Denial of Service Vulnerability in Postfix Parser Code | | version | 40 |
|
| redhat
via4
|
|
| refmap
via4
|
| bid | 8333 | | bugtraq | 20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning | | cert-vn | VU#895508 | | conectiva | CLA-2003:717 | | debian | DSA-363 | | engarde | ESA-20030804-019 | | fulldisc | 20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning | | mandrake | MDKSA-2003:081 | | secunia | 9433 | | suse | SuSE-SA:2003:033 | | trustix | 2003-0029 |
|
| Last major update |
11-10-2017 - 01:29 |
| Published |
27-08-2003 - 04:00 |
| Last modified |
11-10-2017 - 01:29 |
