Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:POSTFIX-IPV6-RELAYING-ISSUE |
|---|---|
Severity |
Major |
Recommended |
No |
Category |
APP |
Keywords |
Postfix IPv6 Relaying Security Issue |
Release Date |
2015/06/12 |
Update Number |
2504 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Postfix IPv6 Relaying Security Issue
There is a vulnerability in the way Postfix handles the relaying of e-mail messages. In certain configurations, the vulnerable Postfix becomes an open relay for mail addressed to MX host with IPv6 addresses. An attacker can exploit this flaw to deliver bulk arbitrary mail, using 3rd party resources, to an e-mail gateway with IPv6 addresses registered. A successful attack allows an attacker to use the target Postfix as an open relay to MX hosts with IPv6 addresses. The target will relay mail from an untrusted SMTP client. The vulnerable system may be used to send unsolicited e-mail such as spam.
Extended Description
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
Affected Products
- Redhat enterprise_linux 4.0
- Redhat enterprise_linux 4.0 (:advanced_server)
- Redhat enterprise_linux 4.0 (:enterprise_server)
- Redhat enterprise_linux 4.0 (:workstation)
- Redhat enterprise_linux_desktop 4.0
- Suse suse_linux 8.0
- Suse suse_linux 8.0 (:i386)
- Suse suse_linux 8.1
- Suse suse_linux 8.2
- Suse suse_linux 9.0
- Suse suse_linux 9.0 (:x86_64)
- Suse suse_linux 9.1
- Suse suse_linux 9.2
- Wietse_venema postfix 2.1.3
References
- CVE: CVE-2005-0337