6 results (0.015 seconds)

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 6

CVE-2023-51764

https://notcve.org/view.php?id=CVE-2023-51764

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9. • https://github.com/duy-31/CVE-2023-51764 https://github.com/eeenvik1/CVE-2023-51764 https://github.com/Double-q1015/CVE-2023-51764 https://github.com/d4op/CVE-2023-51764-POC http://www.openwall.com/lists/oss-security/2023/12/24/1 http://www.openwall.com/lists/oss-security/2023/12/25/1 http://www.openwall.com/lists/oss-security/2024/05/09/3 https://access.redhat.com/security/cve/CVE-2023-51764 https://bugzilla.redhat.com/show_bug.cgi?id=2255563 http • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1

CVE-2017-10140 – libdb: Reads DB_CONFIG from the current working directory

https://notcve.org/view.php?id=CVE-2017-10140

Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory. Postfix, en versiones anteriores a la 2.11.10, versiones 3.0.x anteriores a la 3.0.10, versiones 3.1.x anteriores a la 3.1.6 y versiones 3.2.x anteriores a la 3.2.2, podría permitir que usuarios locales obtengan privilegios aprovechando una funcionalidad no documentada en Berkeley DB, en versiones 2.x y posteriores. Esto está relacionado con la lectura de opciones de DB_CONFIG en el directorio actual. • http://seclists.org/oss-sec/2017/q3/285 http://www.postfix.org/announcements/postfix-3.2.2.html https://access.redhat.com/errata/RHSA-2019:0366 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com/security/cve/CVE-2017-10140 https://bugzilla.redhat.com/show_bug.cgi?id=1464032 •

CVSS: 6.8EPSS: 88%CPEs: 109EXPL: 0

CVE-2011-1720 – (smtpd): Crash due to improper management of SASL handlers for SMTP sessions

https://notcve.org/view.php?id=CVE-2011-1720

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method. El servidor SMTP en Postfix anterior a v2.5.13, v2.6.x anterior a v2.6.10, v2.7.x anterior a v2.7.4, y v2.8.x anterior a v2.8.3, cuando ciertos métodos Cyrus SASL de autenticación son activados, no crea un nuevo manejador de servidor después de que la autentificación falle, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria libre y caída de demonio) o posiblemente ejecutar código de su elección a tra´ves de un comando AUTH no válido con un método seguido por un comando AUTH con un método diferente. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html http://secunia.com/advisories/44500 http://security.gentoo.org/glsa/glsa-201206-33.xml http://securityreason.com/securityalert/8247 http://www.debian.org/security/2011/dsa-2233 http://www.kb.cert.org/vuls/id/727230 http://www.mail-archive.com/postfix-announce%40postfix.org/msg00007.html http://www.mandriva.com/security/advisories?name=MDVSA-2011 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 1%CPEs: 42EXPL: 1

CVE-2011-0411 – postfix: SMTP commands injection during plaintext to TLS session switch

https://notcve.org/view.php?id=CVE-2011-0411

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. La implementación de STARTTLS de Postfix 2.4.x anteriores a 2.4.16, 2.5.x anteriores a 2.5.12, 2.6.x anteriores a 2.6.9, y 2.7.x anteriores a 2.7.3 no restringe apropiadamente el buffering de I/O, lo que permite a atacantes man-in-the-middle insertar comandos en sesiones SMTP encriptadas enviando un comando en texto claro que es procesado después de que TLS es iniciado. Relacionado con un ataque de "inyección de comandos de texto en claro". • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://secunia.com/advisories/43646 http://secunia.com/advisories/43874 http://security.gentoo.org/glsa/glsa-201206-33.xml h • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 2%CPEs: 8EXPL: 0

CVE-2003-0468

https://notcve.org/view.php?id=CVE-2003-0468

Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port. Postfix 1.1.11 y anteriores permite a atacantes remotos usar Postfix para llevar a cabo "escaneos de rebote" o ataques de denegación de servicio distribuidos (DDoS) contra otras máquinas mediante una dirección de correo electrónico a la máquina local que contenga la dirección IP objetivo y el nombre del servicio seguido de una cadena "!", lo que hace que Postfix intente usar SMTP para comunicarse con el objetivo en el puerto asociado. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717 http://marc.info/?l=bugtraq&m=106001525130257&w=2 http://secunia.com/advisories/9433 http://www.debian.org/security/2003/dsa-363 http://www.mandriva.com/security/advisories?name=MDKSA-2003:081 http://www.novell.com/linux/security/advisories/2003_033_postfix.html http://www.redhat.com/support/errata/RHSA-2003-251.html http://www.securityfocus.com/bid/8333 https://oval.cisecurity.org/repository/search/definition&# •