Page 3 of 14 results (0.004 seconds)

CVSS: 1.9EPSS: 0%CPEs: 5EXPL: 0

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name. Postfix 2.5 anterior a 2.5.4 y 2.6 anterior a 2.6-20080814 envía a un archivo buzón incluso cuando este archivo no es propiedad del receptor, lo que permite a usuarios locales leer mensajes de correo creando un archivo buzón correspondiente con el nombre de cuenta de otro usuario. • ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html http://secunia.com/advisories/31477 http://secunia.com/advisories/31485 http://secunia.com/advisories/31500 http://secunia.com/advisories/32231 http://security.gentoo.org/glsa/glsa-200808 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267837 http://marc.info/?l=bugtraq&m=110763358832637&w=2 http://secunia.com/advisories/14137 http://www.redhat.com/support/errata/RHSA-2005-152.html http://www.securityfocus.com/bid/12445 https://exchange.xforce.ibmcloud.com/vulnerabilities/19218 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11339 https://access.redhat.com/security/cve/CVE-2005-0337 https://bugzilla.redhat.com/show_bug.cgi? •

CVSS: 5.0EPSS: 2%CPEs: 8EXPL: 0

Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port. Postfix 1.1.11 y anteriores permite a atacantes remotos usar Postfix para llevar a cabo "escaneos de rebote" o ataques de denegación de servicio distribuidos (DDoS) contra otras máquinas mediante una dirección de correo electrónico a la máquina local que contenga la dirección IP objetivo y el nombre del servicio seguido de una cadena "!", lo que hace que Postfix intente usar SMTP para comunicarse con el objetivo en el puerto asociado. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717 http://marc.info/?l=bugtraq&m=106001525130257&w=2 http://secunia.com/advisories/9433 http://www.debian.org/security/2003/dsa-363 http://www.mandriva.com/security/advisories?name=MDKSA-2003:081 http://www.novell.com/linux/security/advisories/2003_033_postfix.html http://www.redhat.com/support/errata/RHSA-2003-251.html http://www.securityfocus.com/bid/8333 https://oval.cisecurity.org/repository/search/definition&# •

CVSS: 5.0EPSS: 7%CPEs: 9EXPL: 2

The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up. El código de procesamiento de direcciones en Postfix 1.1.12 y anteriores permite a atacantes remotos causar una denegación de servicio (bloqueo) mediante (1) una dirección envoltorio malformada a una máquina local que generaría un rebote y que contenga la cadena ".!" en las cabeceras MAIL FROM Y Errors-To, lo que hace que nqmgrse cuelge, o (2) mediante un MAIL FROM con un RCPT TO conteniendo una cadena ".!" • https://www.exploit-db.com/exploits/22981 https://www.exploit-db.com/exploits/22982 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717 http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/007693.html http://marc.info/?l=bugtraq&m=106001525130257&w=2 http://marc.info/?l=bugtraq&m=106029188614704&w=2 http://secunia.com/advisories/9433 http://www.debian.org/security/2003/dsa-363 http://www.kb.cert.org/vuls/id/895508 http://www.linuxsec •