CVE-2003-0540

Published: 27/08/2003 Updated: 11/10/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 510
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The address parser code in Postfix 1.1.12 and previous versions allows remote malicious users to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.

Vulnerable Product

conectiva linux 7.0

conectiva linux 8.0

wietse venema postfix 1.0.21

wietse venema postfix 1.1.11

wietse venema postfix 1.1.12

wietse venema postfix 2000-02-28

wietse venema postfix 2001-11-15

wietse venema postfix 1999-09-06

wietse venema postfix 1999-12-31

Vendor Advisories

The postfix mail transport agent in Debian 3.0 contains two vulnerabilities: CAN-2003-0468: Postfix would allow an attacker to bounce-scan private networks or use the daemon as a DDoS tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP address and either receiving a bounce message or observing queue operations to ...

Exploits

source: www.securityfocus.com/bid/8333/info Debian has reported two vulnerabilities in the Postfix mail transfer agent. The first vulnerability, CAN-2003-0468, can allow for an adversary to "bounce-scan" a private network. It has also been reported that this vulnerability can be exploited to use the server as a distributed denial of service ...