CVE-2003-0468

9 documents8 sources
Severity
5.0MEDIUM
EPSS
1.8%
top 17.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Conectiva LinuxWietse Venema Postfix
Timeline
PublishedAug 27
Latest updateApr 29

Description

Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

Debianpostfix< 1.1.12+3
NVDwietse_venema/postfix6 versions+5
NVDconectiva/linux7.0, 8.0+1

Patches

Patch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

3
GHSA
GHSA-p8pr-mx9r-9jjx: Postfix 12022-04-29
OSV
CVE-2003-0468: Postfix 12003-08-27
CVEList
CVE-2003-0468: Postfix 12003-08-05

💥Exploits & PoCs

2
Exploit-DB
Postfix 1.1.x - Denial of Service (1)2003-08-04
Exploit-DB
Postfix 1.1.x - Denial of Service (2)2003-08-04

📋Vendor Advisories

2
Red Hat
security flaw2003-08-03
Debian
CVE-2003-0468: postfix - Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bo...2003

💬Community

1
Bugzilla
CVE-2003-0468 security flaw2018-08-16
CVE-2003-0468 (MEDIUM CVSS 5) | Postfix 1.1.11 and earlier allows r | cvebase.io