CVE Vulnerabilities

CVE-2003-0540

Published: Aug 27, 2003 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the .! string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a .! string, which causes an instance of the SMTP listener to lock up.

Affected Software

Name Vendor Start Version End Version
Postfix Wietse_venema 1.0.21 1.0.21
Postfix Wietse_venema 1.1.11 1.1.11
Postfix Wietse_venema 1.1.12 1.1.12
Postfix Wietse_venema 1999-09-06 1999-09-06
Postfix Wietse_venema 1999-12-31 1999-12-31
Postfix Wietse_venema 2000-02-28 2000-02-28
Postfix Wietse_venema 2001-11-15 2001-11-15
Linux Conectiva 7.0 7.0
Linux Conectiva 8.0 8.0

References