CVE-2017-5930
published 2017-03-20
Priority: P266 · low · 2.7 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 14.95% (96.3th percentile)
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | postfixadmin | < postfixadmin 3.0.2-1 (bookworm) | postfixadmin 3.0.2-1 (bookworm) |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| postfixadmin | postfixadmin | >= 0 < 3.0.2-1 | 3.0.2-1 |
| postfixadmin | postfixadmin | >= 0 < 3.0.2-1 | 3.0.2-1 |
| postfixadmin | postfixadmin | >= 0 < 3.0.2-1 | 3.0.2-1 |
| postfixadmin_project | postfixadmin | < 3.0.2 | 3.0.2 |
Detection & IOCs
- Monitor HTTP requests to delete.php in PostfixAdmin with a 'delete' parameter, originating from domain admin accounts — this is the attack vector for unauthorized protected alias deletion.
- Affected versions are PostfixAdmin 2.91 through 3.0.1; flag any installations in this range as vulnerable.
- Watch for unexpected rewrites or deletions of protected aliases such as postmaster@domain, which may indicate exploitation of this missing permission check.
- The vulnerability requires the attacker to be an authenticated domain admin — unauthenticated exploitation is not possible.
- Fixed in PostfixAdmin 3.0.2; Debian packages resolved at version 3.0.2-1 across bookworm, forky, sid, and trixie.
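CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 2.7 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | | 2.7 | LOW | |
| vulncheck | | 2.7 | LOW | |
| vendor_debian | | 2.7 | LOW | |
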
GHSA
ghsa_unreviewed·2022-05-13
CVE-2017-5930 [LOW] CWE-862 GHSA-xgfq-m22c-vpjj
OSV
osv·2017-03-20·CVSS 2.7
CVE-2017-5930 [LOW]
VulnCheck
opensuse leap Missing Authorization
vulncheck·2017·CVSS 2.7
CVE-2017-5930 [LOW] opensuse leap Missing Authorization
Affected: opensuse leap
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.ic3.gov/Media/News/2022/220126.pdf
Debian
vendor_debian·2017·CVSS 2.7
CVE-2017-5930 [LOW] postfixadmin
Scope: local
bookworm: resolved (fixed in 3.0.2-1)
forky: resolved (fixed in 3.0.2-1)
sid: resolved (fixed in 3.0.2-1)
trixie: resolved (fixed in 3.0.2-1)
References
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00076.html
- http://www.openwall.com/lists/oss-security/2017/02/08/1
- http://www.openwall.com/lists/oss-security/2017/02/09/1
- http://www.securityfocus.com/bid/96142
- https://github.com/postfixadmin/postfixadmin/blob/postfixadmin-3.0.2/CHANGELOG.TXT
- https://github.com/postfixadmin/postfixadmin/pull/23
- https://sourceforge.net/p/postfixadmin/mailman/message/35646827/