CVSS: 5.0EPSS: 2%CPEs: 8EXPL: 0CVE-2003-0468
https://notcve.org/view.php?id=CVE-2003-0468
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port. Postfix 1.1.11 y anteriores permite a atacantes remotos usar Postfix para llevar a cabo "escaneos de rebote" o ataques de denegación de servicio distribuidos (DDoS) contra otras máquinas mediante una dirección de correo electrónico a la máquina local que contenga la dirección IP objetivo y el nombre del servicio seguido de una cadena "!", lo que hace que Postfix intente usar SMTP para comunicarse con el objetivo en el puerto asociado. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717 http://marc.info/?l=bugtraq&m=106001525130257&w=2 http://secunia.com/advisories/9433 http://www.debian.org/security/2003/dsa-363 http://www.mandriva.com/security/advisories?name=MDKSA-2003:081 http://www.novell.com/linux/security/advisories/2003_033_postfix.html http://www.redhat.com/support/errata/RHSA-2003-251.html http://www.securityfocus.com/bid/8333 https://oval.cisecurity.org/repository/search/definition&# •
CVSS: 5.0EPSS: 7%CPEs: 9EXPL: 2CVE-2003-0540 – Postfix 1.1.x - Denial of Service
https://notcve.org/view.php?id=CVE-2003-0540
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up. El código de procesamiento de direcciones en Postfix 1.1.12 y anteriores permite a atacantes remotos causar una denegación de servicio (bloqueo) mediante (1) una dirección envoltorio malformada a una máquina local que generaría un rebote y que contenga la cadena ".!" en las cabeceras MAIL FROM Y Errors-To, lo que hace que nqmgrse cuelge, o (2) mediante un MAIL FROM con un RCPT TO conteniendo una cadena ".!" • https://www.exploit-db.com/exploits/22981 https://www.exploit-db.com/exploits/22982 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717 http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/007693.html http://marc.info/?l=bugtraq&m=106001525130257&w=2 http://marc.info/?l=bugtraq&m=106029188614704&w=2 http://secunia.com/advisories/9433 http://www.debian.org/security/2003/dsa-363 http://www.kb.cert.org/vuls/id/895508 http://www.linuxsec •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2003-0464
https://notcve.org/view.php?id=CVE-2003-0464
The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd. El código RPC en el kernel 2.4 de Linux establece la bandera de reusar cuando se crean sockets, lo que podría permitir a usuarios locales atar puertos UDP usados por servicios privilegiados como nfsd. • http://www.redhat.com/support/errata/RHSA-2003-238.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A311 https://access.redhat.com/security/cve/CVE-2003-0464 https://bugzilla.redhat.com/show_bug.cgi?id=1617039 •
CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0CVE-2003-0461
https://notcve.org/view.php?id=CVE-2003-0461
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. /proc/tty/driver/serial en Linux 2.4.x revela el número exacto de caractéres usado en enlaces serie, lo que podría permitir a usuarios locales obtener información potencialmente sensible como la longitud de las contraseñas. • http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html http://www.debian.org/security/2004/dsa-358 http://www.debian.org/security/2004/dsa-423 http://www.redhat.com/support/errata/RHSA-2003-238.html http://www.redhat.com/support/errata/RHSA-2004-188.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A304 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9330 https://oval.cisecurity.org/repository/sea •
CVSS: 7.5EPSS: 5%CPEs: 14EXPL: 1CVE-2003-0434 – Adobe Acrobat Reader (UNIX) 5.0 6 / Xpdf 0.9x Hyperlinks - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2003-0434
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink. Varios visores de PDF, incluidos Adobe Acrobat 5.06 y Xpdf 1.01 permiten a atacantes remotos la ejecución arbitraria de comandos mediante metacaracteres de shell en un hipervínculo embebido. • https://www.exploit-db.com/exploits/22771 http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html http://marc.info/?l=bugtraq&m=105777963019186&w=2 http://secunia.com/advisories/9037 http://secunia.com/advisories/9038 http://www.kb.cert.org/vuls/id/200132 http://www.mandriva.com/security/advisories?name=MDKSA-2003:071 http://www.redhat.com/support/errata/RHSA-2003-196.html http://www.redhat.com/support/errata/RHSA-2003-197.html https://oval. •