Description
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDoS attacks against other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
Product(s):
- Wietse Venema Postfix 1.0.21
- Wietse Venema Postfix 1.1.11
- Wietse Venema Postfix 1999-09-06
- Wietse Venema Postfix 1999-12-31
- Wietse Venema Postfix 2000-02-28
- Wietse Venema Postfix 2001-11-15
- Conectiva Conectiva Linux 7.0
- Conectiva Conectiva Linux 8.0
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2003-0468, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0468 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.