CVE-2003-0540

The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.

Published: Aug 27, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0540
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
wietse_venema / postfix	1.0.21	1.0.21.x
wietse_venema / postfix	2001-11-15	2001-11-15.x
wietse_venema / postfix	2000-02-28	2000-02-28.x
wietse_venema / postfix	1999-12-31	1999-12-31.x
conectiva / linux	8.0	8.0.x
wietse_venema / postfix	1.1.12	1.1.12.x
wietse_venema / postfix	1999-09-06	1999-09-06.x
wietse_venema / postfix	1.1.11	1.1.11.x
conectiva / linux	7.0	7.0.x

Vulnerability Database

289,697

CVE-2003-0540