{"vuid":"VU#895508","idnumber":"895508","name":"Postfix vulnerable to DoS by supplying a remote SMTP listener with a malformed envelope address","keywords":["Postfix","DoS","denial of service","remote SMTP listener","malformed envelope address"],"overview":"A denial-of-service vulnerability exists in all versions of Postfix prior to 2.0. This vulnerability may allow a remote attacker to cause mail service interruption.","clean_desc":"Postfix is a very popular mail transfer agent (MTA). Michal Zalewski has discovered a denial-of-service vulnerability in Postfix. According to Michal, the vulnerability exists in a portion of code responsible for address parsing. For further technical details, please see Michal's announcement. Note that this vulnerability is message-oriented as opposed to connection-oriented. That means that the vulnerability is triggered by the contents of a specially-crafted email message rather than by lower-level network traffic. This is important because an MTA that does not contain the vulnerability may pass the malicious message along to other MTAs that may be protected at the network level. In other words, vulnerable Postfix servers on the interior of a network are still at risk, even if the site's border MTA uses software other than Postfix.","impact":"Postfix will be unable to deliver email.","resolution":"Apply a patch from your vendor.","workarounds":"Workarounds Based on feedback from the author of Postfix, if recipient name checking is turned on (Recipient name checking is turned off by default in version 1.1.11), mail for <nonexistent@[127.0.0.1]> is rejected.","sysaffected":"","thanks":"This vulnerability was discovered by Michal Zalewski. The CERT/CC thanks Michal for providing information upon which this document is based. We also thank the author of Postfix, Wietse Venema, for his help in understanding the vulnerability.","author":"This document was written by Ian A Finlay.","public":["http://marc.theaimsgroup.com/?l=vulnwatch&m=106000570117585&w=2","http://www.net-security.org/vuln.php?id=2862","http://www.secunia.com/advisories/9433/","http://www.postfix.org/","http://www.securityfocus.com/bid/8333"],"cveids":["CVE-2003-0540"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-08-04T13:39:03Z","publicdate":"2003-08-03T00:00:00Z","datefirstpublished":"2003-08-11T16:32:28Z","dateupdated":"2003-08-18T13:09:42Z","revision":11,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"17","cam_population":"15","cam_impact":"3","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"8.1","cam_scorecurrentwidelyknown":"9.365625","cam_scorecurrentwidelyknownexploited":"14.428125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":8.1,"vulnote":null}