CVE-2004-0925
CVSS5.0
发布时间 :2005-01-27 00:00:00
修订时间 :2008-09-10 15:28:16
NMCOS    

[原文]Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.


[CNNVD]Apple MacOS X postfix 拒绝服务漏洞(CNNVD-200501-306)

        Apple Mac OS X是一款使用在Mac机器上的操作系统,基于BSD系统。
        Mac OS X 10.3.X至10.3.5版本中的postfix存在拒绝服务漏洞。
        当postfix配置使用SMTPD AUTH时,由于处理认证用户名存在缺陷,远程攻击者可通过使用一个超长的用户名,使其他用户无法进行认证。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:apple:mac_os_x:10.3.1Apple Mac OS X 10.3.1
cpe:/o:apple:mac_os_x_server:10.3.3Apple Mac OS X Server 10.3.3
cpe:/o:apple:mac_os_x_server:10.3.4Apple Mac OS X Server 10.3.4
cpe:/o:apple:mac_os_x_server:10.3.2Apple Mac OS X Server 10.3.2
cpe:/o:apple:mac_os_x:10.3.3Apple Mac OS X 10.3.3
cpe:/o:apple:mac_os_x_server:10.3Apple Mac OS X Server 10.3
cpe:/o:apple:mac_os_x:10.3.2Apple Mac OS X 10.3.2
cpe:/o:apple:mac_os_x:10.3.5Apple Mac OS X 10.3.5
cpe:/o:apple:mac_os_x:10.3Apple Mac OS X 10.3
cpe:/o:apple:mac_os_x_server:10.3.5Apple Mac OS X Server 10.3.5
cpe:/o:apple:mac_os_x_server:10.3.1Apple Mac OS X Server 10.3.1
cpe:/o:apple:mac_os_x:10.3.4Apple Mac OS X 10.3.4

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0925
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0925
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-306
(官方数据源) CNNVD

- 其它链接及资源

http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html
(VENDOR_ADVISORY)  APPLE  APPLE-SA-2004-09-30

- 漏洞信息

Apple MacOS X postfix 拒绝服务漏洞
中危 其他
2005-01-27 00:00:00 2005-10-20 00:00:00
远程  
        Apple Mac OS X是一款使用在Mac机器上的操作系统,基于BSD系统。
        Mac OS X 10.3.X至10.3.5版本中的postfix存在拒绝服务漏洞。
        当postfix配置使用SMTPD AUTH时,由于处理认证用户名存在缺陷,远程攻击者可通过使用一个超长的用户名,使其他用户无法进行认证。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://support.apple.com/kb/HT1222

- 漏洞信息

10500
Apple Mac OS X Postfix SMTPD AUTH Username Overflow DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Public

- 漏洞描述

Mac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when SMTPD AUTH is enabled and Postfix fails to clear the username buffer after each authentication attempt, which will result in loss of availability for the service. This flaw was introduced by Apple-specific patches to Postfix, and does not exist in the original Postfix source.

- 时间线

2004-10-04 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Apple Mac OS X Postfix Release SMTPD AUTH Username Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 11323
Yes No
2004-10-04 12:00:00 2009-07-12 07:06:00
Discovery is credited to Michael Rondinelli of EyeSee360.

- 受影响的程序版本

Wietse Venema Postfix 2.1
Wietse Venema Postfix 2.0
Wietse Venema Postfix 1.1.13
Wietse Venema Postfix 1.1.12
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.2 i386
Wietse Venema Postfix 1.1.11
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Wietse Venema Postfix 1.0.21
+ EnGarde Secure Community 2.0
+ EnGarde Secure Community 1.0.1
+ EnGarde Secure Professional 1.5
+ EnGarde Secure Professional 1.2
+ EnGarde Secure Professional 1.1
Wietse Venema Postfix 20011115
Wietse Venema Postfix 20010228
+ Trustix Secure Linux 1.5
Wietse Venema Postfix 19991231
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Trustix Secure Linux 1.2
Wietse Venema Postfix 19990906
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3

- 漏洞讨论

A vulnerability exists in the Postfix release distributed with Mac OS X that is related to the handling of usernames supplied through SMTPD AUTH. This may potentially be exploited to deny certain users access to the server.

This condition may only occur if SMTPD AUTH has been enabled.

This issue reportedly does not affect the upstream release of Postfix but rather only the version distributed with Apple Mac OS X Panther.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Apple has released updates for this issue that may be applied through Software Update. Manual updates are also available.


Apple Mac OS X Server 10.3.5

Apple Mac OS X 10.3.5

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站