#VU110625 Input validation error in Postfix - CVE-2003-0540

Cybersecurity Help s.r.o.

Published: 2025-06-08 | Updated: 2025-06-13

Vulnerability identifier: #VU110625

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2003-0540

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Postfix
Server applications / Mail servers

Vendor: Postfix.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Postfix: 1.0.21, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.1.12

External links
https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717
https://lists.grok.org.uk/pipermail/full-disclosure/2003-August/007693.html
https://marc.info/?l=bugtraq&m=106001525130257&w=2
https://marc.info/?l=bugtraq&m=106029188614704&w=2
https://secunia.com/advisories/9433
https://www.debian.org/security/2003/dsa-363
https://www.kb.cert.org/vuls/id/895508
https://www.linuxsecurity.com/advisories/engarde_advisory-3517.html
https://www.mandriva.com/security/advisories?name=MDKSA-2003:081
https://www.novell.com/linux/security/advisories/2003_033_postfix.html
https://www.redhat.com/support/errata/RHSA-2003-251.html
https://www.securityfocus.com/bid/8333
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A544

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Remote denial of service in Postfix