CVE-2003-0468

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2003-0468

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2003-0468.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2003-0468

Downstream

DEBIAN-CVE-2003-0468

DSA-363

Published

2003-08-27T04:00:00Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.

References

Affected packages

Debian:11 / postfix

Package

Name: postfix
Purl: pkg:deb/debian/postfix?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.12

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / postfix

Package

Name: postfix
Purl: pkg:deb/debian/postfix?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.12

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / postfix

Package

Name: postfix
Purl: pkg:deb/debian/postfix?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.12

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / postfix

Package

Name: postfix
Purl: pkg:deb/debian/postfix?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.12

Ecosystem specific

{
    "urgency": "not yet assigned"
}