CVE-2003-0468
First published: Tue Aug 05 2003(Updated: )
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wietse Venema Postfix | =1.0.21 | |
| Wietse Venema Postfix | =2001-11-15 | |
| Wietse Venema Postfix | =2000-02-28 | |
| Wietse Venema Postfix | =1999-12-31 | |
| Conectiva Linux | =8.0 | |
| Wietse Venema Postfix | =1999-09-06 | |
| Wietse Venema Postfix | =1.1.11 | |
| Conectiva Linux | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2003/dsa-363
- http://www.redhat.com/support/errata/RHSA-2003-251.html
- http://www.novell.com/linux/security/advisories/2003_033_postfix.html
- http://www.securityfocus.com/bid/8333
- http://secunia.com/advisories/9433
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:081
- http://marc.info/?l=bugtraq&m=106001525130257&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522
Frequently Asked Questions
What is the severity of CVE-2003-0468?
CVE-2003-0468 is considered a critical vulnerability due to its potential for remote exploitation and the ability to conduct DDoS attacks.
How do I fix CVE-2003-0468?
To fix CVE-2003-0468, upgrade to a version of Postfix that is later than 1.1.11, as this version addresses the vulnerability.
What systems are affected by CVE-2003-0468?
CVE-2003-0468 affects Postfix versions 1.1.11 and earlier, as well as various older versions of Conectiva Linux.
What is the impact of CVE-2003-0468?
The impact of CVE-2003-0468 includes the potential for remote attackers to use Postfix for bounce scans or DDoS attacks against other hosts.
Who can be affected by CVE-2003-0468?
Any organization using vulnerable versions of Postfix is at risk of being exploited via CVE-2003-0468.
- collector/nvd-historical
- vendor/wietse venema
- product/postfix
- canonical/wietse venema postfix
- vendor/conectiva
- product/linux
- canonical/conectiva linux
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- version/wietse venema postfix/1.0.21
- version/wietse venema postfix/2001-11-15
- version/wietse venema postfix/2000-02-28
- version/wietse venema postfix/1999-12-31
- version/conectiva linux/8.0
- version/wietse venema postfix/1999-09-06
- version/wietse venema postfix/1.1.11
- version/conectiva linux/7.0