Vulnerability IntelligenceVulnerability ScanningBlogCorporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Intelligence > Secunia Advisories > Ubuntu Postfix IPv6 Relaying Security Issue
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About
 
Ubuntu Postfix IPv6 Relaying Security Issue
Secunia Advisory: SA14137
Advisory Toolbox:
Issue ticket
Save in to-do list
Mark as handled
Exploit information
Download as PDF
Review actions
Add comment
Release Date: 2005-02-04
Last Update: 2005-03-17
Popularity: 9,002 views

Critical:
Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch

OS:Ubuntu Linux 4.10
Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2005-0337
Description:
Ubuntu has issued an update for postfix. This fixes a security issue, which can be exploited by malicious people to use a vulnerable system as an open relay.

The problem is caused due to an error in the IPv6 handling when "/proc/net/if_inet6" is not available (e.g. when running in a chroot jail). This makes it possible to relay mails through the system to any MX host with an IPv6 address.

Successful exploitation requires that "permit_mx_backup" is enabled in "smtpd_recipient_restrictions".

Solution:
Apply patches.

-- Ubuntu 4.10 (Warty Warthog) --

Source archives:

http://security.ubuntu.com/ubuntu/poo...fix/postfix_2.1.3-1ubuntu17.2.diff.gz
Size/MD5: 411437 13a5c70dc86b6ad2e46faa6672200e8a
http://security.ubuntu.com/ubuntu/poo...postfix/postfix_2.1.3-1ubuntu17.2.dsc
Size/MD5: 864 aee128959b1f82569fd02749f388d768
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3.orig.tar.gz
Size/MD5: 1971632 1f515b0d80cd1f9db0113240bf36f248

Architecture independent packages:

http://security.ubuntu.com/ubuntu/poo...postfix-dev_2.1.3-1ubuntu17.2_all.deb
Size/MD5: 97088 46dcc8fcee909ecea7302e6947d05d07
http://security.ubuntu.com/ubuntu/poo...postfix-doc_2.1.3-1ubuntu17.2_all.deb
Size/MD5: 644018 dae4547b5d36db64479bebca2b5ec840

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/poo...tfix-ldap_2.1.3-1ubuntu17.2_amd64.deb
Size/MD5: 35498 6d6dd7836d5af1d83b7d2ead8bc0fda3
http://security.ubuntu.com/ubuntu/poo...fix-mysql_2.1.3-1ubuntu17.2_amd64.deb
Size/MD5: 31404 d10130dc56d01393fc747e8b3e4c7a7a
http://security.ubuntu.com/ubuntu/poo...tfix-pcre_2.1.3-1ubuntu17.2_amd64.deb
Size/MD5: 30968 173da69b4a8f840d1ef3c10b59f4a06e
http://security.ubuntu.com/ubuntu/poo...fix-pgsql_2.1.3-1ubuntu17.2_amd64.deb
Size/MD5: 31714 30b2ee7467e5b47a04ed1171c33748f6
http://security.ubuntu.com/ubuntu/poo...stfix-tls_2.1.3-1ubuntu17.2_amd64.deb
Size/MD5: 156612 74e496f8fb62d61b40a22f78aae736c2
http://security.ubuntu.com/ubuntu/poo...x/postfix_2.1.3-1ubuntu17.2_amd64.deb
Size/MD5: 820554 18bda73d0d8a0fd10ad7673c1860cc13

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/poo...stfix-ldap_2.1.3-1ubuntu17.2_i386.deb
Size/MD5: 34784 2fec1db5f7b4edabea43ed8626f0721e
http://security.ubuntu.com/ubuntu/poo...tfix-mysql_2.1.3-1ubuntu17.2_i386.deb
Size/MD5: 30896 16a60ac74dac8a267ec61f9174720a72
http://security.ubuntu.com/ubuntu/poo...stfix-pcre_2.1.3-1ubuntu17.2_i386.deb
Size/MD5: 30602 aebc4184e77ab6fd432a3e71b3d97dae
http://security.ubuntu.com/ubuntu/poo...tfix-pgsql_2.1.3-1ubuntu17.2_i386.deb
Size/MD5: 31178 438941c8a89fc88a88e2b85b8434e747
http://security.ubuntu.com/ubuntu/poo...ostfix-tls_2.1.3-1ubuntu17.2_i386.deb
Size/MD5: 143082 eef18b6bc92d853b22e17860ba218e45
http://security.ubuntu.com/ubuntu/poo...ix/postfix_2.1.3-1ubuntu17.2_i386.deb
Size/MD5: 763534 de18daee7c9c2b13b02d00a5ab1040d3

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/poo...ix-ldap_2.1.3-1ubuntu17.2_powerpc.deb
Size/MD5: 36642 6520c94c375ce32827221b16081c5fb8
http://security.ubuntu.com/ubuntu/poo...x-mysql_2.1.3-1ubuntu17.2_powerpc.deb
Size/MD5: 32796 01b94955868878fa372b910c900a0017
http://security.ubuntu.com/ubuntu/poo...ix-pcre_2.1.3-1ubuntu17.2_powerpc.deb
Size/MD5: 32536 23b6cfd53bf332bb08f9f40832cb0ed5
http://security.ubuntu.com/ubuntu/poo...x-pgsql_2.1.3-1ubuntu17.2_powerpc.deb
Size/MD5: 33096 131f608edeb2bba86c7800ded7868f51
http://security.ubuntu.com/ubuntu/poo...fix-tls_2.1.3-1ubuntu17.2_powerpc.deb
Size/MD5: 152514 5ea8a791b57acafa9d07daf579ba6287
http://security.ubuntu.com/ubuntu/poo...postfix_2.1.3-1ubuntu17.2_powerpc.deb
Size/MD5: 826232 b904c4bbf4e140cd92a9845bc8730c15

Provided and/or discovered by:
Jean-Samuel Reynaud

Changelog:
2005-02-07: Vendor issues new updated packages.
2005-03-17: Added CVE reference.

Original Advisory:
http://www.ubuntulinux.org/support/documentation/usn/usn-74-2

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Today
New advisories: 14
New vulnerabilities: 18
Updated advisories: 22

Less // 16 views
Netgear WN802T Wireless Access Point Two Vulnerabilities
Less // 15 views
Fedora update for xastir
Less // 35 views
XASTIR Insecure Temporary Files
Less // 43 views
Fedora update for samba
Less // 45 views
Fedora update for bitlbee
Less // 262 views
3Com Wireless 8760 Access Point HTTP Request Processing Denial of Service
Moderately // 273 views
CS-Cart "cs_cookies" SQL Injection Vulnerability
Less // 291 views
Drupal Content Construction Kit Script Insertion Vulnerabilities
Less // 354 views
HP OpenView Select Identity Connectors Information Disclosure
Moderately // 280 views
rPath update for libtiff

Solutions | More...  

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. 3Com Wireless 8760 Access Point HTTP Request Processing Denial of Service // 62 views
2. Cisco ASA and PIX Security Appliances Multiple Vulnerabilities // 57 views
3. HP OpenView Select Identity Connectors Information Disclosure // 53 views
4. Drupal Content Construction Kit Script Insertion Vulnerabilities // 44 views
5. VLC Media Player Multiple Vulnerabilities // 33 views
6. Opera Multiple Vulnerabilities // 32 views
7. Microsoft Office Two Code Execution Vulnerabilities // 31 views
8. CS-Cart "cs_cookies" SQL Injection Vulnerability // 31 views
9. Zeroboard Multiple Vulnerabilities // 28 views
10. Gentoo update for yelp // 28 views



Contact | Terms & Conditions | Report Vulnerability | Press | Jobs | About Secunia
Copyright Secunia 2002-2008