Description: Ubuntu has issued an update for postfix. This fixes a security issue, which can be exploited by malicious people to use a vulnerable system as an open relay.
The problem is caused due to an error in the IPv6 handling when "/proc/net/if_inet6" is not available (e.g. when running in a chroot jail). This makes it possible to relay mails through the system to any MX host with an IPv6 address.
Successful exploitation requires that "permit_mx_backup" is enabled in "smtpd_recipient_restrictions".
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.