CVE-2001-0894

5 documents5 sources

Severity

5.0MEDIUM

EPSS

1.3%

top 20.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wietse Venema Postfix

Timeline

PublishedNov 11

Latest updateApr 30

Description

Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDwietse_venema/postfix1999-09-06, 1999-12-31, 2000-02-28+2

Patches

Patch: www.debian.org ↗Patch: www.securityfocus.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-4jcc-3cc2-c846: Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, al↗2022-04-30

▶

CVEList

CVE-2001-0894: Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, al↗2002-06-25

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-11-15

▶

💬Community

Bugzilla

CVE-2001-0894 security flaw↗2018-08-16

▶