Re: Fwd: [USN-74-1] Postfix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Already read this link:
Jan Wagner wrote:
| ---------- Forwarded Message ----------
| Subject: [USN-74-1] Postfix vulnerability
| Date: Sunday 06 February 2005 23:55
| From: Wietse Venema <firstname.lastname@example.org>
| To: Postfix announce <email@example.com>
| Cc: Postfix users <firstname.lastname@example.org>
| In a recent announcement on the Full-Disclosure mailing list, Martin
| Pitt <email@example.com> wrote:
|>Jean-Samuel Reynaud noticed a programming error in the IPv6 handling
|>code of Postfix when /proc/net/if_inet6 is not available (which is the
|>case in Ubuntu since Postfix runs in a chroot). If "permit_mx_backup"
|>was enabled in the "smtpd_recipient_restrictions", Postfix turned into
|>an open relay, i. e. erroneously permitted the delivery of arbitrary
|>mail to any MX host which has an IPv6 address.
| This is a bug in a third-party IPv6 patch that is not part of
| Postfix. The bug affects Linux systems only.
| Neither the official Postfix release, nor the work-in-progress
| version (which has IPv6 support built-in) are affected by this.
| Please do not ask me how to resolve the vulnerability. Contact info
| for the third-party IPv6 patch is at
| Please do not ask me what Linux distributions are affected. Contact
| your Linux distributor instead.
| It would be nice if Linux distributors could indicate whether a
| Postfix problem is part of the software base itself, or due to a
| third-party add-on that they included with the base software.
| Hi list!
| my short question about the topic are:
| Is the recent postfix version of sarge (2.1.5-5) affected and if, when
| a fixed version expected?
| With kind regards, Jan.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----