CVE-2003-0540

Severity: Unknown | EPSS: 21.26%

Last modified

CVE-2003-0540 is a vulnerability of currently unknown severity. The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up. EPSS estimates a 21.26% chance of exploitation in the next 30 days.

Description

The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.

Metrics

EPSS Probability: 21.26% (97.3th percentile)

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Version
Wietse Venema | Postfix | 1.0.21
Wietse Venema | Postfix | 1.1.11
Wietse Venema | Postfix | 1.1.12
Wietse Venema | Postfix | 1999-09-06
Wietse Venema | Postfix | 1999-12-31
Wietse Venema | Postfix | 2000-02-28
Wietse Venema | Postfix | 2001-11-15
Conectiva | Linux | 7.0
Conectiva | Linux | 8.0

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2003-0540?
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
How severe is CVE-2003-0540?
Severity scoring for CVE-2003-0540 is pending analysis. The EPSS model estimates a 21.26% probability of exploitation in the next 30 days.
How do I fix CVE-2003-0540?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.


Source: NVD / NIST