Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:152

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51863

Kategorie: Red Hat Local Security Checks

Titel: RedHat Security Advisory RHSA-2005:152

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory RHSA-2005:152.

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.

A flaw was found in the ipv6 patch used with Postfix. When the file
/proc/net/if_inet6 is not available and permit_mx_backup is enabled in
smtpd_recipient_restrictions, this flaw could allow remote attackers to
bypass e-mail restrictions and perform mail relaying by sending mail to an
IPv6 hostname. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0337 to this issue.

These updated packages also fix the following problems:

- - wrong permissions on doc directory
- - segfault when gethostbyname or gethostbyaddr fails

All users of postfix should upgrade to these updated packages, which
contain patches which resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-152.html

Risk factor : High

CVSS Score:
7.5

Querverweis: BugTraq ID: 12445
Common Vulnerability Exposure (CVE) ID: CVE-2005-0337
http://www.securityfocus.com/bid/12445
Bugtraq: 20050204 [USN-74-1] Postfix vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110763358832637&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11339
http://www.redhat.com/support/errata/RHSA-2005-152.html
http://secunia.com/advisories/14137/
XForce ISS Database: postfix-ipv6-security-bypass(19218)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19218

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.51863
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2005:152
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2005:152. Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS. A flaw was found in the ipv6 patch used with Postfix. When the file /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, this flaw could allow remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0337 to this issue. These updated packages also fix the following problems: - - wrong permissions on doc directory - - segfault when gethostbyname or gethostbyaddr fails All users of postfix should upgrade to these updated packages, which contain patches which resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-152.html Risk factor : High CVSS Score: 7.5
Querverweis:	BugTraq ID: 12445 Common Vulnerability Exposure (CVE) ID: CVE-2005-0337 http://www.securityfocus.com/bid/12445 Bugtraq: 20050204 [USN-74-1] Postfix vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110763358832637&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11339 http://www.redhat.com/support/errata/RHSA-2005-152.html http://secunia.com/advisories/14137/ XForce ISS Database: postfix-ipv6-security-bypass(19218) https://exchange.xforce.ibmcloud.com/vulnerabilities/19218
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com