CVSS: 5.0EPSS: 7%CPEs: 9EXPL: 2CVE-2003-0540 – Postfix 1.1.x - Denial of Service
https://notcve.org/view.php?id=CVE-2003-0540
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up. El código de procesamiento de direcciones en Postfix 1.1.12 y anteriores permite a atacantes remotos causar una denegación de servicio (bloqueo) mediante (1) una dirección envoltorio malformada a una máquina local que generaría un rebote y que contenga la cadena ".!" en las cabeceras MAIL FROM Y Errors-To, lo que hace que nqmgrse cuelge, o (2) mediante un MAIL FROM con un RCPT TO conteniendo una cadena ".!" • https://www.exploit-db.com/exploits/22981 https://www.exploit-db.com/exploits/22982 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717 http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/007693.html http://marc.info/?l=bugtraq&m=106001525130257&w=2 http://marc.info/?l=bugtraq&m=106029188614704&w=2 http://secunia.com/advisories/9433 http://www.debian.org/security/2003/dsa-363 http://www.kb.cert.org/vuls/id/895508 http://www.linuxsec •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0550
https://notcve.org/view.php?id=CVE-2003-0550
The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. El protocolo STP, activado en Linux 2.4.x, no provee de suficiente seguridad por diseño, lo que permite a atacantes modificar la topología de puente. • http://www.debian.org/security/2004/dsa-358 http://www.debian.org/security/2004/dsa-423 http://www.redhat.com/support/errata/RHSA-2003-238.html http://www.redhat.com/support/errata/RHSA-2003-239.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A380 https://access.redhat.com/security/cve/CVE-2003-0550 https://bugzilla.redhat.com/show_bug.cgi?id=1617053 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0552
https://notcve.org/view.php?id=CVE-2003-0552
Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. Linux 2.4.x pemite a atacantes remotos suplantar entradas en la tabla de reenvio de puente (bridge forwarding) mediante paquetes falsificados cuya dirección de origen es la misma que la del objetivo. • http://www.debian.org/security/2004/dsa-358 http://www.debian.org/security/2004/dsa-423 http://www.redhat.com/support/errata/RHSA-2003-198.html http://www.redhat.com/support/errata/RHSA-2003-238.html http://www.redhat.com/support/errata/RHSA-2003-239.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A385 https://access.redhat.com/security/cve/CVE-2003-0552 https://bugzilla.redhat.com/show_bug.cgi?id=1617055 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2003-0551
https://notcve.org/view.php?id=CVE-2003-0551
The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service. La implementación del protocolo STP en Linux 2.4.x no verifica adecuadamente ciertas longitudes, lo que podría permitir a atacantes causar una denegación de servicio. • http://www.debian.org/security/2004/dsa-358 http://www.debian.org/security/2004/dsa-423 http://www.redhat.com/support/errata/RHSA-2003-198.html http://www.redhat.com/support/errata/RHSA-2003-238.html http://www.redhat.com/support/errata/RHSA-2003-239.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A384 https://access.redhat.com/security/cve/CVE-2003-0551 https://bugzilla.redhat.com/show_bug.cgi?id=1617054 •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2003-0464
https://notcve.org/view.php?id=CVE-2003-0464
The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd. El código RPC en el kernel 2.4 de Linux establece la bandera de reusar cuando se crean sockets, lo que podría permitir a usuarios locales atar puertos UDP usados por servicios privilegiados como nfsd. • http://www.redhat.com/support/errata/RHSA-2003-238.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A311 https://access.redhat.com/security/cve/CVE-2003-0464 https://bugzilla.redhat.com/show_bug.cgi?id=1617039 •