Postfix DoS and Bounce Scan Vulnerabilities
Secunia Advisory: SA9433
Release Date: 2003-08-04
Critical: Moderately critical
Impact: Exposure of system information, DoS
Where: From remote
Solution Status: Vendor Patch
Software: Postfix 1.x
Description: Two vulnerabilities have been identified in Postfix, which can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system or to use it to conduct bounce scans and Distributed DoS attacks on other systems.
Both vulnerabilities are caused by errors in the address parsing code. The first vulnerability can be exploited to cause a DoS on a vulnerable system in one of two ways:
1) It is possible to cause the queue manager (nqmgr) to stop processing the queue until a specific entry is removed. This can be achieved by, e.g., specifying an email that will generate a bounce and has an invalid source mailbox of "<.!>". The service will lock up when trying to parse the return address.
2) It is possible to crash a single instance of the SMTP receiver by specifying a valid source mailbox and an invalid recipient of "<.!>". This will cause the service to freeze when trying to parse the recipient mailbox, and the whole system may potentially be crashed by doing this repeatedly.
The vulnerability affects versions 1.1.12 and prior. However, versions 1.1.9 and prior are only affected if the setting "append_dot_mydomain" is set to "no".
The second vulnerability is caused by an input validation error. This can be exploited by specifying a specially crafted recipient like the following, which will cause the system to try to connect to the specified service on the specified system.
<[server_ip]:[service]!@local-host-name>
This can be exploited either to determine active services on another system via a bounce scan, or to conduct a Distributed DoS by making multiple vulnerable systems running Postfix connect to the specified system.
The vulnerability affects versions 1.1.11 and prior.
NOTE: Versions 2.x are not affected by the two vulnerabilities.
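An exposure check built from the version bounds and address shapes stated above, as an added example that is not Secunia's or the Postfix project's code. The function names, the issue labels, the sample envelope data and the treatment of the square brackets in the recipient form as optional are assumptions.

```python
import re

# Version bounds as stated in the advisory text.
DOS_LAST = (1, 1, 12)          # DoS: 1.1.12 and prior
DOS_CONDITIONAL = (1, 1, 9)    # 1.1.9 and prior: only if append_dot_mydomain = no
BOUNCE_LAST = (1, 1, 11)       # bounce scan: 1.1.11 and prior

# Address shapes quoted in the advisory. Assumption: the square brackets in
# "<[server_ip]:[service]!@local-host-name>" are treated as optional.
DOS_ADDR = re.compile(r"^<?\.!>?$")
BOUNCE_ADDR = re.compile(r"^<?\[?[^\]\s:!@]+\]?:\[?[^\]\s!@]+\]?!@[^>\s]+>?$")

def parse_version(text):
    """Turn a dotted release string such as '1.1.11' into a comparable tuple."""
    return tuple(int(part) for part in text.strip().split("."))

def exposure(version, append_dot_mydomain="yes"):
    """Return the advisory issues that apply to this release and setting."""
    v = parse_version(version)
    issues = set()
    if v[0] >= 2:              # 2.x is not affected by either issue
        return issues
    if v <= DOS_LAST and (v > DOS_CONDITIONAL or append_dot_mydomain.lower() == "no"):
        issues.add("dos")
    if v <= BOUNCE_LAST:
        issues.add("bounce-scan")
    return issues

def classify(address):
    """Label an SMTP envelope address that has one of the advisory's shapes."""
    address = address.strip()
    if DOS_ADDR.match(address):
        return "dos"
    if BOUNCE_ADDR.match(address):
        return "bounce-scan"
    return None

def review(envelopes):
    """Return (command, address, label) for every flagged envelope entry."""
    return [(cmd, addr, classify(addr)) for cmd, addr in envelopes if classify(addr)]

# Constructed sample envelope data (not from the advisory).
SAMPLE = [
    ("MAIL FROM", "<.!>"),
    ("RCPT TO", "<[192.0.2.10]:25!@mail.example.org>"),
    ("RCPT TO", "<alice@example.org>"),
]

if __name__ == "__main__":
    print(exposure("1.1.9", "no"), review(SAMPLE))
```

The value of append_dot_mydomain on a given host can be read with `postconf append_dot_mydomain` and passed to `exposure()` together with the installed release string.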
About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.