CVE-2003-0540 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2003-0540
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2003-0540

Description: The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.

CVE Status: Candidate

References: TRUSTIX http://marc.theaimsgroup.com/?l=bugtraq&m=106029188614704&w=2 SUSE http://www.novell.com/linux/security/advisories/2003_033_postfix.html SAID Secunia Advisory: SA9433 REDHAT http://www.redhat.com/support/errata/RHSA-2003-251.html OVAL http://oval.mitre.org/oval/definitions/data/oval544.html MANDRAKE http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:081 FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/007693.html ENGARDE http://www.linuxsecurity.com/advisories/engarde_advisory-3517.html DEBIAN http://www.debian.org/security/2003/dsa-363 CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717 CERT-VN 895508 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=106001525130257&w=2 BID 8333

Return to the previous page.