Bug 101620 - Postfix 1.1.13 fixes a denial of service
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: postfix
Version: 7.3
Hardware: All Linux
Priority: high
Severity: medium
Assigned To: John Dennis
Keywords: Security
Reported: 2003-08-04 15:37 EDT by Petri T. Koistinen
Modified: 2007-03-27 00:08 EDT
Doc Type: Bug Fix
Last Closed: 2003-08-04 16:13:10 EDT
Attachments:
patch (448 bytes, patch)
2003-08-04 15:38 EDT, Petri T. Koistinen
Description Petri T. Koistinen 2003-08-04 15:37:50 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030714
Debian/1.4-2

Description of problem:
Postfix has a security problem:

Date: Sun, 3 Aug 2003 23:40:45 -0400 (EDT)
From: Wietse Venema <wietse@porcupine.org>
Subject: Postfix 1.1.13 available
Message-Id: <20030804034045.52908BC077@spike.porcupine.org>

"This patch fixes a denial of service condition in the Postfix smtpd,
qmgr, and other programs that use the trivial-rewrite service.
The problem is triggered when an invalid address resolves to an
impossible result. This causes the affected programs to reject the
result and to retry the trivial-rewrite request indefinitely.

The problem was found by Michal Zalewski in Postfix version 1.11
and can be triggered remotely via addresses in SMTP commands or in
Errors-To: message headers. Vulnerable Postfix versions are fixed
by applying a one-line patch"

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. See advisory

    

Additional info:
Comment 1 Petri T. Koistinen 2003-08-04 15:38:44 EDT
Created attachment 93385
patch
Comment 2 Alan Cox 2003-08-04 16:08:11 EDT
See the current errata.
Comment 3 Mark J. Cox (Product Security) 2003-08-04 16:19:02 EDT
Was fixed by 
http://rhn.redhat.com/errata/RHSA-2003-251.html which was pushed live just a few
minutes before your bug entry ;)
Comment 4 Petri T. Koistinen 2003-08-04 16:31:21 EDT
Thank you.
Comment 5 Scott Russell 2003-08-05 12:12:50 EDT
After upgrading from postfix-1.1.7-2 to current errata on Red Hat 7.3 the
following errors started appearing. Moving back to 1.1.7-2 and the errors have
gone away. It looks like a problem with the errata and running in the chroot jail?

Aug  5 11:52:56 iiosb postfix/postfix-script: starting the Postfix mail system
Aug  5 11:52:56 iiosb postfix/master[9427]: daemon started
Aug  5 11:52:56 iiosb postfix/nqmgr[9431]: A5ACA300A9: from=<xtq@opensource.ibm.com>, size=5934, nrcpt=9 (queue active)
Aug  5 11:52:56 iiosb postfix/nqmgr[9431]: ADFF9300C3: from=<colombo@opensource.ibm.com>, size=3624, nrcpt=4 (queue active)
Aug  5 11:52:56 iiosb postfix/nqmgr[9431]: 7D3E3300C8: from=<apache@opensource.ibm.com>, size=732, nrcpt=1 (queue active)
Aug  5 11:52:56 iiosb postfix/nqmgr[9431]: 62258300C4: from=<apache@opensource.ibm.com>, size=3651, nrcpt=2 (queue active)
Aug  5 11:52:56 iiosb postfix/nqmgr[9431]: 4527F300C2: from=<colombo@opensource.ibm.com>, size=2499, nrcpt=4 (queue active)
Aug  5 11:52:56 iiosb postfix/smtp[9433]: fatal: unknown service: smtp/tcp
Aug  5 11:52:56 iiosb postfix/smtp[9434]: fatal: unknown service: smtp/tcp
Aug  5 11:52:56 iiosb postfix/smtp[9435]: fatal: unknown service: smtp/tcp
Aug  5 11:52:56 iiosb postfix/smtp[9436]: fatal: unknown service: smtp/tcp
Aug  5 11:52:56 iiosb postfix/smtp[9437]: fatal: unknown service: smtp/tcp
Aug  5 11:52:57 iiosb postfix/nqmgr[9431]: warning: premature end-of-input from private/smtp socket while reading input attribute name
Aug  5 11:52:57 iiosb postfix/nqmgr[9431]: warning: private/smtp socket: malformed response
Aug  5 11:52:57 iiosb postfix/nqmgr[9431]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description
Aug  5 11:52:57 iiosb postfix/master[9427]: warning: process /usr/libexec/postfix/smtp pid 9433 exit status 1
Aug  5 11:52:57 iiosb postfix/master[9427]: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling
Aug  5 11:52:57 iiosb postfix/nqmgr[9431]: warning: premature end-of-input from private/smtp socket while reading input attribute name
Aug  5 11:52:57 iiosb postfix/nqmgr[9431]: warning: private/smtp socket: malformed response
Aug  5 11:52:57 iiosb postfix/nqmgr[9431]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description
Aug  5 11:52:57 iiosb postfix/master[9427]: warning: process /usr/libexec/postfix/smtp pid 9434 exit status 1
Aug  5 11:52:57 iiosb postfix/nqmgr[9431]: warning: premature end-of-input from private/smtp socket while reading input attribute name
Aug  5 11:52:57 iiosb postfix/nqmgr[9431]: warning: private/smtp socket: malformed response
Aug  5 11:52:57 iiosb postfix/nqmgr[9431]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description
Aug  5 11:52:57 iiosb postfix/master[9427]: warning: process /usr/libexec/postfix/smtp pid 9437 exit status 1
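
Added example, not part of the comment above or of Postfix itself: a small triage script that follows the log's own advice ("see a previous warning/fatal/panic logfile record") by linking each non-zero child exit reported by master to the fatal/panic record that child logged. The sample lines are constructed in the same format; the hostname `host` and pid 9500 are made up.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log format in the comment above.
SAMPLE = """\
Aug  5 11:52:56 host postfix/master[9427]: daemon started
Aug  5 11:52:56 host postfix/smtp[9433]: fatal: unknown service: smtp/tcp
Aug  5 11:52:56 host postfix/smtp[9434]: fatal: unknown service: smtp/tcp
Aug  5 11:52:57 host postfix/nqmgr[9431]: warning: private/smtp socket: malformed response
Aug  5 11:52:57 host postfix/master[9427]: warning: process /usr/libexec/postfix/smtp pid 9433 exit status 1
Aug  5 11:52:57 host postfix/master[9427]: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling
Aug  5 11:52:57 host postfix/master[9427]: warning: process /usr/libexec/postfix/smtp pid 9434 exit status 1
Aug  5 11:52:57 host postfix/master[9427]: warning: process /usr/libexec/postfix/smtp pid 9500 exit status 1
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ postfix/([\w-]+)\[(\d+)\]: (.*)$")
SEVERE = re.compile(r"^(?:fatal|panic): (.*)$")
EXIT = re.compile(r"^warning: process (\S+) pid (\d+) exit status (\d+)$")
THROTTLE = re.compile(r"^warning: (\S+): bad command startup -- throttling$")

def triage(text):
    """Link each non-zero child exit reported by master to that child's fatal/panic."""
    last_severe = {}             # child pid -> (daemon, message)
    causes = defaultdict(list)   # (daemon, message) -> pids that exited after it
    unexplained, throttled = [], set()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a Postfix daemon record carrying a pid
        daemon, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        severe = SEVERE.match(msg)
        if severe:
            last_severe[pid] = (daemon, severe.group(1))
            continue
        if daemon != "master":
            continue
        exited, throttle = EXIT.match(msg), THROTTLE.match(msg)
        if exited and exited.group(3) != "0":
            child = int(exited.group(2))
            if child in last_severe:
                causes[last_severe.pop(child)].append(child)
            else:
                unexplained.append(child)  # exit with no logged cause
        elif throttle:
            throttled.add(throttle.group(1))
    return {"causes": dict(causes), "unexplained": unexplained, "throttled": throttled}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Wrapped log lines have to be rejoined into one record per line before parsing.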
