| VID | 18058 |
| Severity | 30 |
| Port | 25 |
| Protocol | TCP |
| Class | SMTP |
| Detailed Description |
The relevant host is running Postfix version 1.1.12 or earlier. Postfix is a free, open-source mail program developed by Wietse Venema. Postfix versions 1.1.12 and earlier contain the following two vulnerabilities:
1. Postfix versions 1.1.11 and earlier can be used as a distributed denial of service tool.
2. Postfix versions 1.1.12 and earlier are vulnerable to a denial of service via MAIL FROM or RCPT TO.
* References: http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0069.html
* Platforms Affected: Postfix 1.1.12 and earlier; Linux, any version |
| Recommendation |
Upgrade to the latest version of Postfix (2.0 or later), available from the Postfix Web site at http://www.postfix.org/
For Red Hat Linux: Upgrade to the latest Postfix package, as listed in Red Hat Security Advisory RHSA-2003:251-07 at https://rhn.redhat.com/errata/RHSA-2003-251.html
For Debian GNU/Linux 3.0 (woody): Upgrade to the latest version of Postfix (1.1.11-0.woody3 or later), as listed in Debian Security Advisory DSA-363-1 at http://www.debian.org/security/2003/dsa-363
For SuSE Linux: Upgrade to the latest Postfix package, as listed in SuSE Security Announcement SuSE-SA:2003:033 at http://www.suse.com/de/security/2003_033_postfix.html
For Conectiva Linux: Upgrade to the latest Postfix package, as listed in Conectiva Linux Security Announcement CLSA-2003:717 at http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000717
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL | CVE-2003-0468, CVE-2003-0540 (CVE) |
| Related URL | 8333, 8361, 8362 (SecurityFocus) |
| Related URL | 12815, 12816 (ISS) |