APP: Postfix IPv6 Relaying Security Issue
There is a vulnerability in the way Postfix handles the relaying of e-mail messages. In certain configurations, the vulnerable Postfix becomes an open relay for mail addressed to MX host with IPv6 addresses. An attacker can exploit this flaw to deliver bulk arbitrary mail, using 3rd party resources, to an e-mail gateway with IPv6 addresses registered. A successful attack allows an attacker to use the target Postfix as an open relay to MX hosts with IPv6 addresses. The target will relay mail from an untrusted SMTP client. The vulnerable system may be used to send unsolicited e-mail such as spam.
Extended Description
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
Affected Products
Suse suse_linux
References
CVE: CVE-2005-0337
Short Name
APP:POSTFIX-IPV6-RELAYING-ISSUE
Severity
Major
Recommended
False
Recommended Action
None
Category
APP
Keywords
CVE-2005-0337 IPv6 Issue Postfix Relaying Security
Release Date
06/12/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Wietse_venema
Suse
Redhat
CVSS Score
7.5