Vulnerability Name:

CVE-2003-0540 (CCN-12816)

Assigned:2003-08-03
Published:2003-08-03
Updated:2017-10-11
Summary:The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: VulnWatch Mailing List, Sun Aug 03 2003 - 14:12:34 CDT
Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning

Source: MITRE
Type: CNA
CVE-2003-0540

Source: CONECTIVA
Type: UNKNOWN
CLA-2003:717

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2003:717
postfix

Source: FULLDISC
Type: UNKNOWN
20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning

Source: BUGTRAQ
Type: UNKNOWN
20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning

Source: TRUSTIX
Type: UNKNOWN
2003-0029

Source: CCN
Type: RHSA-2003-251
New postfix packages fix security issues.

Source: CCN
Type: SA9433
Postfix DoS and Bounce Scan Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
9433

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-363

Source: DEBIAN
Type: DSA 363-1
New postfix packages fix remote denial of service, bounce scanning

Source: DEBIAN
Type: DSA-363
postfix -- denial of service

Source: CCN
Type: US-CERT VU#895508
Postfix vulnerable to DoS by supplying a remote SMTP listener with a malformed envelope address

Source: CERT-VN
Type: US Government Resource
VU#895508

Source: ENGARDE
Type: UNKNOWN
ESA-20030804-019

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2003:081

Source: SUSE
Type: UNKNOWN
SuSE-SA:2003:033

Source: CCN
Type: OSVDB ID: 10544
Postfix Malformed Envelope Address nqmgr DoS

Source: CCN
Type: OSVDB ID: 10545
Postfix Multiple Mail Header SMTP listener DoS

Source: CCN
Type: Postfix Web site
The Postfix Home Page

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2003:251

Source: BID
Type: UNKNOWN
8333

Source: CCN
Type: BID-8333
Multiple Postfix Denial of Service Vulnerabilities

Source: CCN
Type: BID-8362
Postfix SMTP Malformed E-mail Envelope Address Denial of Service Vulnerability

Source: CCN
Type: Trustix Secure Linux Security Advisory #2003-0029
postfix

Source: XF
Type: UNKNOWN
postfix-mailfrom-rcptto-dos(12816)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:544

Source: SUSE
Type: SUSE-SA:2003:033
postfix: remote Denial of Service (DoS) attack

Vulnerable Configuration:Configuration 1:
  • cpe:/a:wietse_venema:postfix:1.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:wietse_venema:postfix:1.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:wietse_venema:postfix:1.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:wietse_venema:postfix:1999-09-06:*:*:*:*:*:*:*
  • OR cpe:/a:wietse_venema:postfix:1999-12-31:*:*:*:*:*:*:*
  • OR cpe:/a:wietse_venema:postfix:2000-02-28:*:*:*:*:*:*:*
  • OR cpe:/a:wietse_venema:postfix:2001-11-15:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:wietse_venema:postfix:1.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:wietse_venema:postfix:1.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:wietse_venema:postfix:1.0.21:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_community:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_linux:-:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:iii:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_professional:-:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.cisecurity:def:1014
    P
    		DSA-363-1 -- postfix -- denial of service, bounce-scanning
    2016-09-16
    oval:org.mitre.oval:def:544
    V
    		Denial of Service Vulnerability in Postfix Parser Code
    2010-09-20
    oval:org.debian:def:363
    V
    		denial of service, bounce-scanning
    2003-08-03
    BACK
    wietse_venema postfix 1.0.21
    wietse_venema postfix 1.1.11
    wietse_venema postfix 1.1.12
    wietse_venema postfix 1999-09-06
    wietse_venema postfix 1999-12-31
    wietse_venema postfix 2000-02-28
    wietse_venema postfix 2001-11-15
    conectiva linux 7.0
    conectiva linux 8.0
    wietse_venema postfix 1.1.11
    wietse_venema postfix 1.1.12
    wietse_venema postfix 1.0.21
    redhat linux 7
    engardelinux secure community 1.0.1
    redhat linux 7.1
    trustix secure linux 1.2
    suse suse linux 7.2
    conectiva linux 7.0
    trustix secure linux 1.5
    redhat linux 7.2
    suse suse linux 7.3
    engardelinux secure linux -
    suse suse linux database server *
    suse suse email server iii
    suse suse linux connectivity server *
    mandrakesoft mandrake linux 8.2
    suse suse linux 8.0
    conectiva linux 8.0
    redhat linux 7.3
    debian debian linux 3.0
    engardelinux secure professional -
    suse suse linux office server *
    redhat linux 8.0
    mandrakesoft mandrake linux 9.0
    suse suse email server 3.1
    suse suse linux 8.1
    suse linux enterprise server 8
    mandrakesoft mandrake multi network firewall 8.2
    mandrakesoft mandrake linux corporate server 2.1
    redhat linux 9.0
    mandrakesoft mandrake linux 8.2
    mandrakesoft mandrake linux corporate server 2.1