Secunia Logo
Netsikker nu! 2008
 
Red Hat Postfix IPv6 Relaying Security Issue
Secunia Advisory: SA14624
Release Date: 2005-03-17
Popularity: 7,228 views

Critical:
Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch

OS:RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2005-0337


Description:
Red Hat has issued an update for postfix. This fixes a security issue, which can be exploited by malicious people to use a vulnerable system as an open relay.

The problem is caused due to an error in the IPv6 handling when "/proc/net/if_inet6" is not available (e.g. when running in a chroot jail). This makes it possible to relay mails through the system to any MX host with an IPv6 address.

Successful exploitation requires that "permit_mx_backup" is enabled in "smtpd_recipient_restrictions".

Solution:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com/

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2005-152.html


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Today
New advisories: 6
New vulnerabilities: 14
Updated advisories: 10

Less // 135 views
Debian update for openldap
Moderately // 115 views
Debian update for ruby1.9
Moderately // 120 views
Debian update for ruby1.8

10th Oct, 2008
New advisories: 15
New vulnerabilities: 83
Updated advisories: 39

Moderately // 834 views
Red Hat update for cups

Solutions | More...  


Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Apache Tomcat "RemoteFilterValve" Security Bypass Security Issue // 142 views
2. Debian update for openldap // 117 views
3. Debian update for ruby1.8 // 108 views
4. Debian update for ruby1.9 // 104 views
5. GuildFTPd "LIST" Processing Buffer Overflow Vulnerability // 81 views
6. Sun Java System Web Proxy Server FTP Subsystem Buffer Overflow // 44 views
7. CUPS Multiple Vulnerabilities // 42 views
8. Apple Mac OS X Security Update Fixes Multiple Vulnerabilities // 36 views
9. FUJITSU Interstage Products Apache Tomcat Security Bypass // 27 views
10. Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities // 26 views