Executive Summary

Informations
Name CVE-2005-0337 First vendor Publication 2005-05-02
Vendor Cve Last vendor Modification 2017-10-11

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0337

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11339
 
Oval ID: oval:org.mitre.oval:def:11339
Title: Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.
Description: Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0337
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 3
Os 1
Os 8

Open Source Vulnerability Database (OSVDB)

Id Description
13470 Postfix IPv6 Patch if_inet6 Failure Arbitrary Mail Relay

Postfix contains a flaw that may allow a malicious user to relay arbitrary mail to any MX host which has an IPv6 address. The issue is triggered when /proc/net/if_inet6 is not available (e.g. when run in chroot). It is possible that the flaw may allow open relay resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2019-08-31 Postfix IPv6 Relaying Security Issue
RuleID : 50859 - Revision : 1 - Type : SERVER-MAIL

Nessus® Vulnerability Scanner

Date Description
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-74-1.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-74-2.nasl - Type : ACT_GATHER_INFO
2005-03-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-152.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/12445
BUGTRAQ http://marc.info/?l=bugtraq&m=110763358832637&w=2
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267837
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2005-152.html
SECUNIA http://secunia.com/advisories/14137/
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/19218

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2020-05-23 00:16:20
  • Multiple Updates
2017-10-11 09:23:28
  • Multiple Updates
2017-07-11 12:01:49
  • Multiple Updates
2016-10-18 12:01:35
  • Multiple Updates
2016-04-26 13:16:29
  • Multiple Updates
2014-02-17 10:30:01
  • Multiple Updates
2013-05-11 11:20:53
  • Multiple Updates