发布时间 :2005-05-02 00:00:00
修订时间 :2017-10-10 21:29:55

[原文]Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.

[CNNVD]Postfix IPv6未授权邮件延时漏洞(CNNVD-200505-542)

        Postfix 2.1.3,当/proc/net/if_inet6不可用并且在smtpd_recipient_restrictions中启用了permit_mx_backup时,远程攻击者可以通过发送邮件到一个IPv6主机名来绕过电子邮件限制并执行邮件延时。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:redhat:enterprise_linux_desktop:4.0Red Hat Desktop 4.0
cpe:/o:suse:suse_linux:8.0SuSE SuSE Linux 8.0
cpe:/o:suse:suse_linux:8.1SuSE SuSE Linux 8.1
cpe:/o:suse:suse_linux:8.2SuSE SuSE Linux 8.2
cpe:/o:suse:suse_linux:9.0SuSE SuSE Linux 9.0
cpe:/o:suse:suse_linux:9.1SuSE SuSE Linux 9.1
cpe:/o:suse:suse_linux:9.2SuSE SuSE Linux 9.2

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11339Buffer overflow in the X render (Xrender) extension in X server 6.8.0 up to allows attackers to cause a denial of service (crash), as ...

- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20050204 [USN-74-1] Postfix vulnerability
(PATCH)  BID  12445
(UNKNOWN)  XF  postfix-ipv6-security-bypass(19218)

- 漏洞信息

Postfix IPv6未授权邮件延时漏洞
高危 设计错误
2005-05-02 00:00:00 2005-10-20 00:00:00
        Postfix 2.1.3,当/proc/net/if_inet6不可用并且在smtpd_recipient_restrictions中启用了permit_mx_backup时,远程攻击者可以通过发送邮件到一个IPv6主机名来绕过电子邮件限制并执行邮件延时。

- 公告与补丁


- 漏洞信息

Postfix IPv6 Patch if_inet6 Failure Arbitrary Mail Relay
Remote / Network Access Other
Loss of Integrity
Exploit Unknown

- 漏洞描述

Postfix contains a flaw that may allow a malicious user to relay arbitrary mail to any MX host which has an IPv6 address. The issue is triggered when /proc/net/if_inet6 is not available (e.g. when run in chroot). It is possible that the flaw may allow open relay resulting in a loss of integrity.

- 时间线

2005-02-04 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.1.3-1ubuntu17.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Postfix IPv6 Unauthorized Mail Relay Vulnerability
Design Error 12445
Yes No
2005-02-04 12:00:00 2009-07-12 10:06:00
Discovery is credited to Jean-Samuel Reynaud.

- 受影响的程序版本

Wietse Venema Postfix 2.1.3
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux AS 4

- 漏洞讨论

Postfix is prone to a vulnerability that allows the application to be abused as a mail relay.

Arbitrary mail may be sent to any MX host with an IPv6 address. This could be exploited by spammers or other malicious parties.

Postfix 2.1.3 is reported prone to this issue. It is possible that other versions are affected as well.

- 漏洞利用

An exploit is not required.

- 解决方案

Ubuntu has released advisory USN-74-1 to address this issue. Please see the referenced advisory for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:003) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Ubuntu has updated advisory USN-74-1 to USN-74-2 to fix erroneous fixes included in USN-74-1. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2005:152-04 to address this issue in Red Hat Enterprise Linux 4. Please see the advisory in Web references for more information.

Wietse Venema Postfix 2.1.3

- 相关参考