MDKSA-2003:081
- Package name
- postfix
- Date
- 2003-08-04
- Advisory ID
- MDKSA-2003:081
- Affected versions
- CS2.1 x86_64, CS2.1 i586, 8.2 i586, 9.0 i586, MNF8.2 i586, 8.2 i586
Problem description
Two vulnerabilities were discovered in the postfix MTA by Michal Zalewski. Versions prior to 1.1.12 would allow an attacker to bounce-scan private networks or use the daemon as a DDoS (Distributed Denial of Service) tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP address and then learning the outcome either from the resulting bounce message or from timing. In addition, versions prior to 1.1.12 have a bug where a malformed envelope address can cause the queue manager to lock up until an entry is removed from the queue, and can also lock up the SMTP listener, leading to a DoS. Postfix version 1.1.13 corrects these issues. The provided packages have been patched to fix the vulnerabilities.
Updated packages
CS2.1 x86_64
92a11a97498d15b49800691daccfde79 x86_64/corporate/2.1/RPMS/postfix-1.1.13-1.2mdk.x86_64.rpm
6f340161b82d806f11b9cad2acc36041 x86_64/corporate/2.1/SRPMS/postfix-1.1.13-1.2mdk.src.rpm
CS2.1 i586
2aad99a13d54ad1639f838b72c541c5c corporate/2.1/RPMS/postfix-1.1.13-1.1mdk.i586.rpm
435cada8d84f410e4991d8563e6d42a6 corporate/2.1/SRPMS/postfix-1.1.13-1.1mdk.src.rpm
8.2 i586
3d78e8d0a5c6d841697c055112fa3cc0 8.2/RPMS/postfix-20010228-20.1mdk.i586.rpm
d06d059baad0ab14b09c7612f94c7296 8.2/SRPMS/postfix-20010228-20.1mdk.src.rpm
9.0 i586
2aad99a13d54ad1639f838b72c541c5c 9.0/RPMS/postfix-1.1.13-1.1mdk.i586.rpm
435cada8d84f410e4991d8563e6d42a6 9.0/SRPMS/postfix-1.1.13-1.1mdk.src.rpm
MNF8.2 i586
3d78e8d0a5c6d841697c055112fa3cc0 mnf8.2/RPMS/postfix-20010228-20.1mdk.i586.rpm
d06d059baad0ab14b09c7612f94c7296 mnf8.2/SRPMS/postfix-20010228-20.1mdk.src.rpm
8.2 i586
56162355881b39128f60f94e2992edbb ppc/8.2/RPMS/postfix-20010228-20.1mdk.ppc.rpm
d06d059baad0ab14b09c7612f94c7296 ppc/8.2/SRPMS/postfix-20010228-20.1mdk.src.rpm
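A way to check downloaded packages against the list above before installing them, as an added example that is not part of the original advisory. It assumes the 32-hex-digit values are MD5 digests and that the listed paths are relative to a local mirror directory; the function names and the demo files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

ENTRY = re.compile(r"\b([0-9a-f]{32})\s+(\S+\.rpm)\b")  # digest, space, .rpm path


def parse_entries(text):
    """Map each listed path to its digest; several pairs per line are fine."""
    return {path: digest for digest, path in ENTRY.findall(text)}


def file_md5(path, chunk_size=65536):
    """Hash in chunks so a large package is never read into memory at once."""
    h = hashlib.md5()  # assumption: the advisory's 32-hex values are MD5 digests
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(text, root):
    """Return {path: 'ok' | 'MISMATCH' | 'missing'} for the files under root."""
    results = {}
    for rel, expected in parse_entries(text).items():
        local = Path(root) / rel
        if not local.is_file():
            results[rel] = "missing"
        else:
            results[rel] = "ok" if file_md5(local) == expected else "MISMATCH"
    return results


def demo():
    """Run verify() on constructed stand-in files (not real postfix packages)."""
    good, bad = b"constructed package A", b"constructed package B"
    listing = (f"{hashlib.md5(good).hexdigest()} demo/RPMS/a-1.0.i586.rpm "
               f"{hashlib.md5(bad).hexdigest()} demo/SRPMS/a-1.0.src.rpm "
               f"{'0' * 32} demo/RPMS/absent-1.0.i586.rpm")
    on_disk = {"demo/RPMS/a-1.0.i586.rpm": good, "demo/SRPMS/a-1.0.src.rpm": bad + b"!"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in on_disk.items():
            (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(root) / rel).write_bytes(data)
        return verify(listing, root)


if __name__ == "__main__":
    print(*(f"{status:8} {path}" for path, status in demo().items()), sep="\n")
```

For real use, pass the advisory text and the directory holding the downloaded RPMs to verify(); a package reported as MISMATCH or missing should not be installed.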
