CVE-2003-0468
postfix - denial of service, bounce-scanning
EPSS 1.8%
Description
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDoS attacks against other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
How to fix CVE-2003-0468
To remediate CVE-2003-0468, upgrade the affected package to one of the fixed versions listed below.
- Debian/postfix—upgrade to 1.1.12 or later
- Debian/postfix—upgrade to 1.1.11-0.woody3 or later
Is CVE-2003-0468 being exploited?
Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.1.12
- from 0, < 1.1.11-0.woody3