Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Ubuntu Local Security Checks >> USN74-1 : postfix vulnerability

Vulnerability Assessment Details

USN74-1 : postfix vulnerability
Vulnerability Assessment Summary
postfix vulnerability

Detailed Explanation for this Vulnerability Assessment

Summary :

These remote packages are missing security patches :
- postfix
- postfix-dev
- postfix-doc
- postfix-ldap
- postfix-mysql
- postfix-pcre
- postfix-pgsql
- postfix-tls


Description :

Jean-Samuel Reynaud noticed a programming error in the IPv6 handling
code of Postfix when /proc/net/if_inet6 is not available (which is the
case in Ubuntu since Postfix runs in a chroot). If "permit_mx_backup"
was enabled in the "smtpd_recipient_restrictions", Postfix turned into
an open relay, i. e. erroneously permitted the delivery of arbitrary
mail to any MX host which has an IPv6 address.

Solution :

Upgrade to :
- postfix-2.1.3-1ubuntu17.1 (Ubuntu 4.10)
- postfix-dev-2.1.3-1ubuntu17.1 (Ubuntu 4.10)
- postfix-doc-2.1.3-1ubuntu17.1 (Ubuntu 4.10)
- postfix-ldap-2.1.3-1ubuntu17.1 (Ubuntu 4.10)
- postfix-mysql-2.1.3-1ubuntu17.1 (Ubuntu 4.10)
- postfix-pcre-2.1.3-1ubuntu17.1 (Ubuntu 4.10)
- postfix-pgsql-2.1.3-1ubuntu17.1 (Ubuntu 4.10)
- postfix-tls-2.1.3-1ubuntu17.1 (Ubuntu 4.10)



Network Security Threat Level: High


Networks Security ID:

Vulnerability Assessment Copyright: Ubuntu Security Notice (C) 2005 Canonical, Inc. / NASL script (C) 2005 Michel Arboi
Cables, Connectors

DELL POWEREDGE M630 TWO E5-2690V3 2.6GHZ 96GB 1.6TB SSD S130
$6559.0		 DELL POWEREDGE M630 TWO E5-2690V3 2.6GHZ 96GB 1.6TB SSD S130 pictureDELL POWEREDGE R730 8 BAY E5-2698V3 2.3GHZ 384GB 3 X 1.2TB 10K SAS H730
$9549.0		 DELL POWEREDGE R730 8 BAY E5-2698V3 2.3GHZ 384GB 3 X 1.2TB 10K SAS H730 picture


Discussions

No Discussions have been posted on this vulnerability.