Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:152

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51863

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:152

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:152.

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.

A flaw was found in the ipv6 patch used with Postfix. When the file
/proc/net/if_inet6 is not available and permit_mx_backup is enabled in
smtpd_recipient_restrictions, this flaw could allow remote attackers to
bypass e-mail restrictions and perform mail relaying by sending mail to an
IPv6 hostname. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0337 to this issue.

These updated packages also fix the following problems:

- - wrong permissions on doc directory
- - segfault when gethostbyname or gethostbyaddr fails

All users of postfix should upgrade to these updated packages, which
contain patches which resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-152.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 12445
Common Vulnerability Exposure (CVE) ID: CVE-2005-0337
http://www.securityfocus.com/bid/12445
Bugtraq: 20050204 [USN-74-1] Postfix vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110763358832637&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11339
http://www.redhat.com/support/errata/RHSA-2005-152.html
http://secunia.com/advisories/14137/
XForce ISS Database: postfix-ipv6-security-bypass(19218)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19218

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51863
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:152
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:152. Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS. A flaw was found in the ipv6 patch used with Postfix. When the file /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, this flaw could allow remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0337 to this issue. These updated packages also fix the following problems: - - wrong permissions on doc directory - - segfault when gethostbyname or gethostbyaddr fails All users of postfix should upgrade to these updated packages, which contain patches which resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-152.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 12445 Common Vulnerability Exposure (CVE) ID: CVE-2005-0337 http://www.securityfocus.com/bid/12445 Bugtraq: 20050204 [USN-74-1] Postfix vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110763358832637&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11339 http://www.redhat.com/support/errata/RHSA-2005-152.html http://secunia.com/advisories/14137/ XForce ISS Database: postfix-ipv6-security-bypass(19218) https://exchange.xforce.ibmcloud.com/vulnerabilities/19218
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com