Vulnerability Details CVE-2003-0468
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717
- http://marc.info/?l=bugtraq&m=106001525130257&w=2
- http://secunia.com/advisories/9433
- http://www.debian.org/security/2003/dsa-363
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:081
- http://www.novell.com/linux/security/advisories/2003_033_postfix.html
- http://www.redhat.com/support/errata/RHSA-2003-251.html
- http://www.securityfocus.com/bid/8333
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717
- http://marc.info/?l=bugtraq&m=106001525130257&w=2
- http://secunia.com/advisories/9433
- http://www.debian.org/security/2003/dsa-363
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:081
- http://www.novell.com/linux/security/advisories/2003_033_postfix.html
- http://www.redhat.com/support/errata/RHSA-2003-251.html
- http://www.securityfocus.com/bid/8333
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522
Products affected by CVE-2003-0468
-
cpe:2.3:a:wietse_venema:postfix:1.0.21
-
cpe:2.3:a:wietse_venema:postfix:1.1.11
-
cpe:2.3:a:wietse_venema:postfix:1999-09-06
-
cpe:2.3:a:wietse_venema:postfix:1999-12-31
-
cpe:2.3:a:wietse_venema:postfix:2000-02-28
-
cpe:2.3:a:wietse_venema:postfix:2001-11-15
-
cpe:2.3:o:conectiva:linux:7.0
-
cpe:2.3:o:conectiva:linux:8.0