Postfix MAIL FROM or RCPT TO denial of service
| postfix-mailfrom-rcptto-dos (12816) |  Medium Risk |
Description:
Postfix is vulnerable to a denial of service. A remote attacker could send malformed MAIL FROM or Errors-To headers with an invalid address or a malformed RCPT TO header with a valid address to cause the queue manager (nqmgr) to hang until the entry is removed or the SMTP listener to crash.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of Postfix (2.0 or later), available from the Postfix Web site. See References.
For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest version of postfix (1.1.11-0.woody3 or later), as listed in DSA-363-1. See References.
For SuSE Linux:
Upgrade to the latest postfix package as listed below. Refer to SuSE Security Announcement SuSE-SA:2002:033 for more information. See References.
SuSE Linux: 8.1 (Intel): 1.1.12-12 or later
SuSE Linux: 8.0 (Intel): 1.1.12-13 or later
SuSE Linux: 7.3 (Intel): 20010228pl08-22 or later
SuSE Linux: 7.3 (Sparc): 20010228pl08-15 or later
SuSE Linux: 7.3 (PPC): 20010228pl08-36 or later
SuSE Linux: 7.2 (Intel): 20010228pl03-82 or later
For Red Hat Linux:
Upgrade to the latest postfix package, as listed below. Refer to RHSA-2003:251-07 for more information. See References.
Red Hat 7.3: 1.1.12-0.7 or later
Red Hat 8.0: 1.1.12-0.8 or later
Red Hat 9: 1.1.12-1 or later
For EnGarde Secure Linux Community Edition and Professional Edition:
Upgrade to the latest postfix update, as listed in Guardian Digital Security Advisory ESA-20030804-019. See References.
For Conectiva Linux:
Upgrade to the latest postfix package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2003:717 for more information. See References.
Conectiva Linux 7.0: 1.1.13--1U70_1cl or later
Conectiva Linux 8: 1.1.13-1U80_1cl or later
For Trustix Secure Linux 1.2:
Upgrade to the latest postfix package (19991231_pl13-4tr or later), as listed in Trustix Secure Linux Security Advisory #2003-0029. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- Conectiva Linux Security Announcement CLSA-2003:717: postfix.
- DSA 363-1: New postfix packages fix remote denial of service, bounce scanning.
- Postfix Web site: The Postfix Home Page.
- Trustix Secure Linux Security Advisory #2003-0029: postfix.
- VulnWatch Mailing List, Sun Aug 03 2003 - 14:12:34 CDT : Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning.
- BID-8333: Multiple Postfix Denial of Service Vulnerabilities
- BID-8362: Postfix SMTP Malformed E-mail Envelope Address Denial of Service Vulnerability
- CVE-2003-0540: The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the .! string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a .! string, which causes an instance of the SMTP listener to lock up.
- DSA-363: postfix -- denial of service
- MDKSA-2003:081: Updated postfix packages fix remote DoS
- OSVDB ID: 10544: Postfix Malformed Envelope Address nqmgr DoS
- OSVDB ID: 10545: Postfix Multiple Mail Header SMTP listener DoS
- RHSA-2003-251: New postfix packages fix security issues.
- SA9433: Postfix DoS and Bounce Scan Vulnerabilities
- SUSE-SA:2003:033: postfix: remote Denial of Service (DoS) attack
- US-CERT VU#895508: Postfix vulnerable to DoS by supplying a remote SMTP listener with a malformed envelope address
Platforms Affected:
- Conectiva Linux 7.0
- Conectiva Linux 8.0
- Debian Debian Linux 3.0
- EngardeLinux Secure Community 1.0.1
- EngardeLinux Secure Linux
- EngardeLinux Secure Professional
- MandrakeSoft Mandrake Linux 8.2 PPC
- MandrakeSoft Mandrake Linux 8.2
- MandrakeSoft Mandrake Linux 9.0
- MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
- MandrakeSoft Mandrake Linux Corporate Server 2.1
- MandrakeSoft Mandrake Multi Network Firewall 8.2
- Novell SuSE Linux Enterprise Server 7.0
- Novell UnitedLinux 1.0
- RedHat Linux 7
- RedHat Linux 7.1
- RedHat Linux 7.2
- RedHat Linux 7.3
- RedHat Linux 8.0
- RedHat Linux 9.0
- SuSE Linux Enterprise Server 8
- SuSE SuSE eMail Server 3.1
- SuSE SuSE eMail Server III
- SUSE SuSE Linux 7.2
- SUSE SuSE Linux 7.3
- SUSE SuSE Linux 8.0
- SUSE SuSE Linux 8.1
- SuSE SuSE Linux Connectivity Server
- SuSE SuSE Linux Database Server
- SuSE SuSE Linux Desktop 1.0
- SuSE SuSE Linux Office Server
- SuSE SuSE Linux OpenExchange Server 4
- Trustix Secure Linux 1.2
- Trustix Secure Linux 1.5
- Wietse Venema Postfix 1.0.21
- Wietse Venema Postfix 1.1.11
- Wietse Venema Postfix 1.1.12
- Wietse Venema Postfix 19990906
- Wietse Venema Postfix 19991231
- Wietse Venema Postfix 20010228
- Wietse Venema Postfix 20011115
Reported:
Aug 03, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this