USN-74-1: Postfix vulnerability

4 February 2005

postfix vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

Jean-Samuel Reynaud noticed a programming error in the IPv6 handling code of Postfix when /proc/net/if_inet6 is not available (which is the case in Ubuntu since Postfix runs in a chroot). If “permit_mx_backup” was enabled in the “smtpd_recipient_restrictions”, Postfix turned into an open relay, i. e. erroneously permitted the delivery of arbitrary mail to any MX host which has an IPv6 address.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
postfix

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References