SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#895508

Postfix vulnerable to DoS by supplying a remote SMTP listener with a malformed envelope address

Overview

A denial-of-service vulnerability exists in all versions of Postfix prior to 2.0. This vulnerability may allow a remote attacker to cause mail service interruption.

I. Description

Postfix is a very popular mail transfer agent (MTA). Michal Zalewski has discovered a denial-of-service vulnerability in Postfix. According to Michal, the vulnerability exists in a portion of code responsible for address parsing. For further technical details, please see Michal's announcement.

Note that this vulnerability is message-oriented as opposed to connection-oriented. That means that the vulnerability is triggered by the contents of a specially-crafted email message rather than by lower-level network traffic. This is important because an MTA that does not contain the vulnerability may pass the malicious message along to other MTAs that may be protected at the network level. In other words, vulnerable Postfix servers on the interior of a network are still at risk, even if the site's border MTA uses software other than Postfix.

II. Impact

Postfix will be unable to deliver email.

III. Solution

Apply a patch from your vendor.

Workarounds

Based on feedback from the author of Postfix, if recipient name checking is turned on (Recipient name checking is turned off by default in version 1.1.11), mail for <nonexistent@[127.0.0.1]> is rejected.

Systems Affected

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Not Vulnerable11-Aug-2003
ConectivaVulnerable8-Aug-2003
DebianVulnerable18-Aug-2003
EngardeVulnerable8-Aug-2003
F5 NetworksNot Vulnerable8-Aug-2003
FujitsuNot Vulnerable18-Aug-2003
IBMNot Vulnerable8-Aug-2003
Lotus SoftwareNot Vulnerable8-Aug-2003
Openwall GNU/*/LinuxNot Vulnerable13-Aug-2003
Red Hat Inc.Vulnerable8-Aug-2003
SuSE Inc.Vulnerable8-Aug-2003
TrusixVulnerable8-Aug-2003

References


http://marc.theaimsgroup.com/?l=vulnwatch&m=106000570117585&w=2
http://www.net-security.org/vuln.php?id=2862
http://www.secunia.com/advisories/9433/
http://www.postfix.org/
http://www.securityfocus.com/bid/8333

Credit

This vulnerability was discovered by Michal Zalewski. The CERT/CC thanks Michal for providing information upon which this document is based. We also thank the author of Postfix, Wietse Venema, for his help in understanding the vulnerability.

This document was written by Ian A Finlay.

Other Information

Date Public:2003-08-03
Date First Published:2003-08-11
Date Last Updated:2003-08-18
CERT Advisory: 
CVE-ID(s):CAN-2003-0540
NVD-ID(s):CAN-2003-0540
US-CERT Technical Alerts: 
Metric:8.10
Document Revision:11

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2003 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader