#VU110623 Resource exhaustion in Postfix - CVE-2001-0894
Published: June 8, 2025
Vulnerability identifier: #VU110623
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2001-0894
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Postfix
Postfix
Software vendor:
Postfix.org
Postfix.org
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when configured to email the postmaster when SMTP errors cause the session to terminate. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.
External links
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000439
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:089
- http://marc.info/?l=bugtraq&m=100584160110303&w=2
- http://www.debian.org/security/2001/dsa-093
- http://www.redhat.com/support/errata/RHSA-2001-156.html
- http://www.securityfocus.com/bid/3544
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7568