CVE-2003-0468 | Vulnerability Database | Aqua Security

Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct bounce scans or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a ! string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.

Affected Software

Name	Vendor	Start Version	End Version
Postfix	Wietse_venema	1.0.21 (including)	1.0.21 (including)
Postfix	Wietse_venema	1.1.11 (including)	1.1.11 (including)
Postfix	Wietse_venema	1999-09-06 (including)	1999-09-06 (including)
Postfix	Wietse_venema	1999-12-31 (including)	1999-12-31 (including)
Postfix	Wietse_venema	2000-02-28 (including)	2000-02-28 (including)
Postfix	Wietse_venema	2001-11-15 (including)	2001-11-15 (including)
Linux	Conectiva	7.0 (including)	7.0 (including)
Linux	Conectiva	8.0 (including)	8.0 (including)

References

http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000717
http://marc.info/?l=bugtraq\u0026m=106001525130257\u0026w=2
http://secunia.com/advisories/9433
http://www.debian.org/security/2003/dsa-363
http://www.mandriva.com/security/advisories?name=MDKSA-2003:081
http://www.novell.com/linux/security/advisories/2003_033_postfix.html
http://www.redhat.com/support/errata/RHSA-2003-251.html
http://www.securityfocus.com/bid/8333
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0468
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html