Postfix versions 1.1.12 and below suffer from a remote denial of service attack due to a vulnerability in the address parser code.
e8e28a863997588aef90fb4e62ff99a22c91cdc08e3b2cd835651486388fcd55
Apple Security Advisory 2017-10-31-12 - Additional information for the APPLE-SA-2017-09-25-9 macOS Server 5.4 advisory has been provided that relates to FreeRADIUS and Postfix.
ab7f1016be63a4d64acf9e8afda8cb266e256bd54b6c0f883eb1a5a8a72517ed
Gentoo Linux Security Advisory 201709-20 - A vulnerability in Postfix may allow local users to gain root privileges. Versions less than 3.1.6 are affected.
b600c1a5f95a2227e066f6351a63b9daa56e68a6202706f7df5318020198cbc7
Brutus is a small threaded Python FTP brute-force and dictionary attack tool. It supports several brute-force parameters such as custom character sets, password length, minimum password length, and prefix and postfix strings for generated passwords.
40ebf6ba69965e9808d786f10070c9a7f2f6fc99257bf7e16187b622613091c8
Postfix Admin version 2.93 suffers from a cross site request forgery vulnerability.
c36bf42d6746cb09cb01c495637ea7bc269111f9cfcff5161901216a53a69331
Debian Linux Security Advisory 3214-1 - A path traversal vulnerability was discovered in Mailman, the mailing list manager. Installations using a transport script (such as postfix-to-mailman.py) to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully exploit this, an attacker needs write access on the local file system.
abf188d9a2c976b95165071e0f07ae6e49e0b202ed2c520547e5a230417b5ae5
libCryptoLog hooks fprintf() and write() functions to provide encryption on the fly for log files from Apache, Nginx, Postfix, and more.
375b8cd1a61cbb82d69b065985018989597f5079a42f603aec9a1acceff970b4
Postfix SMTP with procmail Shellshock exploit that affects versions 4.2.x up through 4.2.48.
2defb18f0a8b00ec8fed37883f8a633b4382c93a3edfdbab3f7778291f08879a
Debian Linux Security Advisory 2979-1 - Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service.
663686ca280e9f3c71e71611cc65c7317ff186652c7a041a969f80c3fe0d6f6f
Debian Linux Security Advisory 2889-1 - An SQL injection vulnerability was discovered in postfixadmin, a web administration interface for the Postfix Mail Transport Agent, which allowed authenticated users to make arbitrary manipulations to the database.
6c98896315477340680db98e02791077026f5bb90eef2f49e4ff280754b1c63a
Gentoo Linux Security Advisory 201209-18 - Multiple vulnerabilities have been found in Postfixadmin which may lead to SQL injection or cross-site scripting attacks. Versions less than 2.3.5 are affected.
483fff8b8c40f8c7a48ee6753a592cc64440c80a933a09fb2b3d976df89bf714
Secunia Security Advisory - Gentoo has issued an update for postfixadmin. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
6693c56c2f108a20e0dcda9c18d324aebc47f973032682e0962f59bf7c80237b
Secunia Security Advisory - Gentoo has issued an update for postfix. This fixes two vulnerabilities, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
f7402d2aa539b8e516df12a70d30dd630319c5ad5a16ff66cd2dbb2d2b488b73
Gentoo Linux Security Advisory 201206-33 - A vulnerability has been found in Postfix, possibly allowing remote code execution. Versions less than 2.7.4 are affected.
05e98f47777707c46cf6dde146609306a3f61d80648b0c877d2ed8871983f6f0
Postfixadmin version 2.3.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
792946daa68d21da19823d935d226aff83199c4a69cc33fe6dfa3dcbd4a11618
Secunia Security Advisory - Multiple vulnerabilities have been reported in Postfix Admin, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and script insertion attacks.
0fcd50f64699587ecbea6b580ae7675a38fec1cf457ebf05b22ea36c0f0a6e13
Secunia Security Advisory - Red Hat has issued an update for postfix. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
9a5b4c4926427e689d5a29938728fc2a4e4c786017ae8730857458dd73a145e8
Red Hat Security Advisory 2011-0843-01 - Postfix is a Mail Transport Agent, supporting LDAP, SMTP AUTH, and TLS. A heap-based buffer over-read flaw was found in the way Postfix performed SASL handlers management for SMTP sessions, when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to cause the Postfix smtpd server to crash via a specially-crafted SASL authentication request. The smtpd process was automatically restarted by the postfix master process after the time configured with service_throttle_time elapsed. Various other issues were also addressed.
290f32e19e804868ba34739ec9704dcafcfdf5319694188c9ac9fd4eb3c9d6dd
Secunia Security Advisory - Fedora has issued an update for postfix. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
558a4d62a76882aadb338cf3987b0c9c610df76f0bc23a239a440ea9e4441efe
Mandriva Linux Security Advisory 2011-090 - The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
26f21ccffabb06f7c9f727b9bc634ba334cafeb734a3272a015e25c29f59d6bf
Secunia Security Advisory - Ubuntu has issued an update for postfix. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
57dadf68a6e33578e483e5e9cfac5368986f2e70ec45ac00e6e001dcffbcf564
Secunia Security Advisory - SUSE has issued an update for postfix. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
b76cdeeb91b1fa2ad98c9f772f3a5ebb6b9c5ca02e51a9a52a4708893b70a234
Secunia Security Advisory - Debian has issued an update for postfix. This fixes two vulnerabilities, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
31bdb9c3fdbe5d9b482f5123fb37775eb0022c144cb351d49b40664584862cf7
Ubuntu Security Notice 1131-1 - Thomas Jarosch discovered that Postfix incorrectly handled authentication mechanisms other than PLAIN and LOGIN when the Cyrus SASL library is used. A remote attacker could use this to cause Postfix to crash, leading to a denial of service, or possibly execute arbitrary code as the postfix user.
68340c9e3e7647ac269823e3960e437ebd6142bd59c663cc32250c2f77990d8e
Debian Linux Security Advisory 2233-1 - Several vulnerabilities were discovered in Postfix, a mail transfer agent.
2066190092a138a8e944282214539e92f89d4e7e673e5c275fdb8a0859fc9199
Secunia Security Advisory - A vulnerability has been reported in Postfix, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
a898ca2307360553e6290e9d405c3fbf6fa98da1812e2d8abf476f62a4b9d050