Postfix SMTP Malformed E-mail Envelope Address Denial of Service Vulnerability

Postfix SMTP Malformed E-mail Envelope Address Denial of Service Vulnerability

Solution:
Conectiva has released advisory CLA-2003:717 with fixes to address this issue. Additional information is available in the referenced advisory. Fixes are linked below.

Debian has issued fixes. See advisory DSA-363-1 listed in the reference section for download locations.

SuSE has released advisory SuSE-SA:2003:033 with fixes to address this issue.

Mandrake has released advisory MDKSA-2003:081 with fixes to address this issue. Additional information is available in the referenced Mandrake Advisory.

Red Hat has released advisory RHSA-2003:251-01. Fix information may be gathered from the referenced advisory.

Guardian Digital has released an advisory (ESA-20030804-019) that provides updates for EnGarde Secure Linux. These updates may be applied automatically with the Guardian Digital WebTool. Please see the attached advisory for instructions on how to apply updates.

Trustix has released an advisory (TSLSA-2003-0029) that addresses this issue. Please see the attached advisory for details on obtaining and applying upgrades.

Vulnerable versions of the software can be fixed by upgrading to Postfix 1.1.13.

Wietse Venema Postfix 20011115

Engarde Secure Linux postfix-20001121-1.0.21.i386.rpm
ftp://ftp.engardelinux.org/pub/engarde/

Engarde Secure Linux postfix-20001121-1.0.21.i686.rpm
ftp://ftp.engardelinux.org/pub/engarde/

Wietse Venema Postfix 1.1.13
http://www.postfix.org/download.html

Wietse Venema Postfix 19991231

Trustix postfix-19991231_pl13-4tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.2/RPMS/postfix-19991231_pl 13-4tr.i586.rpm

Wietse Venema Postfix 1.1.13
http://www.postfix.org/download.html

Wietse Venema Postfix 19990906

Wietse Venema Postfix 1.1.13
http://www.postfix.org/download.html

Wietse Venema Postfix 20010228

Trustix postfix-0.0.20010228.pl08-4tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/postfix-0.0.2001022 8.pl08-4tr.i586.rpm

Wietse Venema Postfix 1.1.13
http://www.postfix.org/download.html

Wietse Venema Postfix 1.0.21

Wietse Venema Postfix 1.1.13
http://www.postfix.org/download.html

Wietse Venema Postfix 1.1.11

Debian postfix-dev_1.1.11-0.woody3_all.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-dev_1.1 .11-0.woody3_all.deb

Debian postfix-ldap_1.1.11-0.woody3_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1. 1.11-0.woody3_alpha.deb

Debian postfix-ldap_1.1.11-0.woody3_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1. 1.11-0.woody3_arm.deb

Debian postfix-ldap_1.1.11-0.woody3_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1. 1.11-0.woody3_hppa.deb

Debian postfix-ldap_1.1.11-0.woody3_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1. 1.11-0.woody3_i386.deb

Debian postfix-ldap_1.1.11-0.woody3_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1. 1.11-0.woody3_ia64.deb

Debian postfix-ldap_1.1.11-0.woody3_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1. 1.11-0.woody3_m68k.deb

Debian postfix-ldap_1.1.11-0.woody3_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1. 1.11-0.woody3_mips.deb

Debian postfix-ldap_1.1.11-0.woody3_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1. 1.11-0.woody3_mipsel.deb

Debian postfix-ldap_1.1.11-0.woody3_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1. 1.11-0.woody3_powerpc.deb

Debian postfix-ldap_1.1.11-0.woody3_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1. 1.11-0.woody3_s390.deb

Debian postfix-ldap_1.1.11-0.woody3_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1. 1.11-0.woody3_sparc.deb

Debian postfix-mysql_1.1.11-0.woody3_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1 .1.11-0.woody3_alpha.deb

Debian postfix-mysql_1.1.11-0.woody3_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1 .1.11-0.woody3_arm.deb

Debian postfix-mysql_1.1.11-0.woody3_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1 .1.11-0.woody3_hppa.deb

Debian postfix-mysql_1.1.11-0.woody3_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1 .1.11-0.woody3_i386.deb

Debian postfix-mysql_1.1.11-0.woody3_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1 .1.11-0.woody3_ia64.deb

Debian postfix-mysql_1.1.11-0.woody3_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1 .1.11-0.woody3_m68k.deb

Debian postfix-mysql_1.1.11-0.woody3_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1 .1.11-0.woody3_mips.deb

Debian postfix-mysql_1.1.11-0.woody3_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1 .1.11-0.woody3_mipsel.deb

Debian postfix-mysql_1.1.11-0.woody3_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1 .1.11-0.woody3_powerpc.deb

Debian postfix-mysql_1.1.11-0.woody3_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1 .1.11-0.woody3_s390.deb

Debian postfix-mysql_1.1.11-0.woody3_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1 .1.11-0.woody3_sparc.deb

Debian postfix-pcre_1.1.11-0.woody3_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1. 1.11-0.woody3_alpha.deb

Debian postfix-pcre_1.1.11-0.woody3_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1. 1.11-0.woody3_arm.deb

Debian postfix-pcre_1.1.11-0.woody3_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1. 1.11-0.woody3_hppa.deb

Debian postfix-pcre_1.1.11-0.woody3_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1. 1.11-0.woody3_i386.deb

Debian postfix-pcre_1.1.11-0.woody3_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1. 1.11-0.woody3_ia64.deb

Debian postfix-pcre_1.1.11-0.woody3_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1. 1.11-0.woody3_m68k.deb

Debian postfix-pcre_1.1.11-0.woody3_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1. 1.11-0.woody3_mips.deb

Debian postfix-pcre_1.1.11-0.woody3_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1. 1.11-0.woody3_mipsel.deb

Debian postfix-pcre_1.1.11-0.woody3_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1. 1.11-0.woody3_powerpc.deb

Debian postfix-pcre_1.1.11-0.woody3_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1. 1.11-0.woody3_s390.deb

Debian postfix-pcre_1.1.11-0.woody3_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1. 1.11-0.woody3_sparc.deb

Debian postfix_1.1.11-0.woody3_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11- 0.woody3_arm.deb

Debian postfix_1.1.11-0.woody3_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11- 0.woody3_hppa.deb

Debian postfix_1.1.11-0.woody3_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11- 0.woody3_i386.deb

Debian postfix_1.1.11-0.woody3_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11- 0.woody3_ia64.deb

Debian postfix_1.1.11-0.woody3_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11- 0.woody3_m68k.deb

Debian postfix_1.1.11-0.woody3_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11- 0.woody3_mips.deb

Debian postfix_1.1.11-0.woody3_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11- 0.woody3_mipsel.deb

Debian postfix_1.1.11-0.woody3_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11- 0.woody3_powerpc.deb

Debian postfix_1.1.11-0.woody3_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11- 0.woody3_s390.deb

Debian postfix_1.1.11-0.woody3_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11- 0.woody3_sparc.deb

Wietse Venema Postfix 1.1.13
http://www.postfix.org/download.html

Wietse Venema Postfix 1.1.12

Mandrake postfix-1.1.13-1.1mdk.i586.rpm
Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake postfix-1.1.13-1.1mdk.i586.rpm
Mandrake Linux 9.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake postfix-1.1.13-1.2mdk.x86_64.rpm
Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake postfix-20010228-20.1mdk.i586.rpm
Mandrake Linux 8.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake postfix-20010228-20.1mdk.i586.rpm
Multi Network Firewall 8.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake postfix-20010228-20.1mdk.ppc.rpm
Mandrake Linux 8.2/PPC
http://www.mandrakesecure.net/en/ftp.php

S.u.S.E. postfix-1.1.12-12.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/postfix-1.1.12-12 .i586.patch.rpm

S.u.S.E. postfix-1.1.12-12.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/postfix-1.1.12-12 .i586.rpm

S.u.S.E. postfix-1.1.12-13.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/postfix-1.1.12-13.i386. rpm

S.u.S.E. postfix-20010228pl03-82.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/postfix-20010228pl03-82 .i386.rpm

S.u.S.E. postfix-20010228pl08-15.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/postfix-20010228pl08-1 5.sparc.rpm

S.u.S.E. postfix-20010228pl08-22.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/postfix-20010228pl08-22 .i386.rpm

S.u.S.E. postfix-20010228pl08-36.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/postfix-20010228pl08-36. ppc.rpm

Wietse Venema Postfix 1.1.13
http://www.postfix.org/download.html

Conectiva Linux 7.0

Conectiva postfix-1.1.13-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postfix-1.1.13-1U70_1cl.i 386.rpm

Conectiva postfix-1.1.13-1U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/postfix-1.1.13-1U70_1cl. src.rpm

Conectiva Linux 8.0

Conectiva postfix-1.1.13-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postfix-1.1.13-1U80_1cl.i38 6.rpm

Conectiva postfix-1.1.13-1U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/postfix-1.1.13-1U80_1cl.sr c.rpm

Conectiva postfix-doc-1.1.13-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postfix-doc-1.1.13-1U80_1cl .i386.rpm