PT-2003-1643 · Postfix · Postfix

Michal Zalewski · Published 2003-08-05 · Updated 2017-10-11 · CVE-2003-0468

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Postfix versions 1.1.11 and earlier
Description: The issue allows remote attackers to use Postfix to conduct scans of, or attacks against, other hosts. This is achieved by supplying an email address to the local host that contains the target IP address and service name followed by a "!" string. As a result, Postfix attempts to use SMTP to communicate with the target on the associated port.
Recommendations: For Postfix versions 1.1.11 and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the SMTP service to minimize the risk of unauthorized use.

Fix

Related Identifiers

CVE-2003-0468
DSA-363

Affected Products

Postfix