CVE-2005-0337

Postfix 2.1.3 - Unauthenticated Mail Relay Bypass via IPv6 Hostname

Title source: llm
STIX 2.1

Description

Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.

References (7)

Core 7
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-152.html
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12445
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110763358832637&w=2
Vendor Advisory x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267837
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19218
Patch third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14137/
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11339

Scores

EPSS 0.0085
EPSS Percentile 75.0%

Details

Status published
Products (9)
redhat/enterprise_linux 4.0 (3 CPE variants)
redhat/enterprise_linux_desktop 4.0
suse/suse_linux 8.0 (2 CPE variants)
suse/suse_linux 8.1
suse/suse_linux 8.2
suse/suse_linux 9.0 (2 CPE variants)
suse/suse_linux 9.1
suse/suse_linux 9.2
wietse_venema/postfix 2.1.3
Published May 02, 2005
Tracked Since Feb 18, 2026