Wietse Venema Postfix vulnerabilities

CVE-2005-0337 [HIGH] CVE-2005-0337: Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_rec Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.

CVE-2003-0540 [MEDIUM] CVE-2003-0540: The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of s The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" stri

CVE-2003-0468 [MEDIUM] CVE-2003-0468: Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.

CVE-2001-0894 [MEDIUM] CVE-2001-0894: Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster w Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.