Description
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDoS attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
CVSS Metrics
- Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
- Access Vector: network
- Access Complexity: low
- Authentication: none
- Confidentiality: none
- Integrity: none
- Availability: partial
- Weaknesses: NVD-CWE-Other
Metadata
- Primary Vendor: WIETSE_VENEMA
- Published: 8/27/2003
- Last Modified: 4/3/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
- wietse_venema : postfix
- conectiva : linux