CVE-2011-1720

Related Files

Gentoo Linux Security Advisory 201206-33

Posted Jun 25, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-33 - A vulnerability has been found in Postfix, the worst of which possibly allowing remote code execution. Versions less than 2.7.4 are affected.

tags | advisory, remote, code execution

systems | linux, gentoo

advisories | CVE-2011-0411, CVE-2011-1720

SHA-256 | 05e98f47777707c46cf6dde146609306a3f61d80648b0c877d2ed8871983f6f0

Download | Favorite | View

Red Hat Security Advisory 2011-0843-01

Posted Jun 1, 2011

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0843-01 - Postfix is a Mail Transport Agent, supporting LDAP, SMTP AUTH, and TLS. A heap-based buffer over-read flaw was found in the way Postfix performed SASL handlers management for SMTP sessions, when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to cause the Postfix smtpd server to crash via a specially-crafted SASL authentication request. The smtpd process was automatically restarted by the postfix master process after the time configured with service_throttle_time elapsed. Various other issues were also addressed.

tags | advisory, remote

systems | linux, redhat

advisories | CVE-2011-1720

SHA-256 | 290f32e19e804868ba34739ec9704dcafcfdf5319694188c9ac9fd4eb3c9d6dd

Download | Favorite | View

Mandriva Linux Security Advisory 2011-090

Posted May 17, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-090 - The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.

tags | advisory, remote, denial of service, arbitrary

systems | linux, mandriva

advisories | CVE-2011-1720

SHA-256 | 26f21ccffabb06f7c9f727b9bc634ba334cafeb734a3272a015e25c29f59d6bf

Download | Favorite | View

Ubuntu Security Notice USN-1131-1

Posted May 12, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1131-1 - Thomas Jarosch discovered that Postfix incorrectly handled authentication mechanisms other than PLAIN and LOGIN when the Cyrus SASL library is used. A remote attacker could use this to cause Postfix to crash, leading to a denial of service, or possibly execute arbitrary code as the postfix user.

tags | advisory, remote, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2011-1720

SHA-256 | 68340c9e3e7647ac269823e3960e437ebd6142bd59c663cc32250c2f77990d8e

Download | Favorite | View

Debian Security Advisory 2233-1

Posted May 10, 2011

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2233-1 - Several vulnerabilities were discovered in Postfix, a mail transfer agent.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2009-2939, CVE-2011-0411, CVE-2011-1720

SHA-256 | 2066190092a138a8e944282214539e92f89d4e7e673e5c275fdb8a0859fc9199

Download | Favorite | View

Postfix SMTP Server Memory Corruption

Posted May 10, 2011

Authored by Wietse Venema

The Postfix SMTP server has a memory corruption error when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN (the ANONYMOUS mechanism is unaffected but should not be enabled for different reasons).

tags | advisory

advisories | CVE-2011-1720

SHA-256 | 701d670361d261d971bf5cb536af214e19dc67b4b2410370bfd209a2bf95cc86

Download | Favorite | View