aru Posted August 4, 2003 Report Share Posted August 4, 2003 MandrakeSoft Security Advisory MDKSA-2003:081 : postfix August 4th, 2003 Updated postfix packages fix remote DoS Two vulnerabilities were discovered in the postfix MTA by Michal Zalewski. Versions prior to 1.1.12 would allow an attacker to bounce- scan private networks or use the daemon as a DDoS (Distributed Denial of Service) tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP address and receiving either a bounce message or by timing. As well, versions prior to 1.1.12 have a bug where a malformed envelope address can cause the queue manager to lock up until an entry is removed from the queue and also lock up the SMTP listener leading to a DoS. Postfix version 1.1.13 corrects these issues. The provided packages have been patched to fix the vulnerabilities. The released versions of Mandrake GNU/Linux affected are: 8.2 [*] 9.0 [*] Multi Network Firewall 8.2 [*] Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:081 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0468 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0540 Posted automatically by aru (mdksec2mub v0.0.6) Link to comment Share on other sites More sharing options...
Recommended Posts