Gentoo Linux Security Advisory 201206-33 - A vulnerability has been found in Postfix, the worst of which possibly allowing remote code execution. Versions less than 2.7.4 are affected.
747c3d1ceb77eac7ea28b8d7ce15ee48
Red Hat Security Advisory 2011-0843-01 - Postfix is a Mail Transport Agent, supporting LDAP, SMTP AUTH, and TLS. A heap-based buffer over-read flaw was found in the way Postfix performed SASL handlers management for SMTP sessions, when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to cause the Postfix smtpd server to crash via a specially-crafted SASL authentication request. The smtpd process was automatically restarted by the postfix master process after the time configured with service_throttle_time elapsed. Various other issues were also addressed.
2e5d2956f80870529761187eaffc9fb8
Mandriva Linux Security Advisory 2011-090 - The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
3ddb60f220254a0b6542651b0a43f8db
Ubuntu Security Notice 1131-1 - Thomas Jarosch discovered that Postfix incorrectly handled authentication mechanisms other than PLAIN and LOGIN when the Cyrus SASL library is used. A remote attacker could use this to cause Postfix to crash, leading to a denial of service, or possibly execute arbitrary code as the postfix user.
457533377b681afc533a24be68137fb5
Debian Linux Security Advisory 2233-1 - Several vulnerabilities were discovered in Postfix, a mail transfer agent.
777ed4cbea09e007860b29ecab6dfc81
The Postfix SMTP server has a memory corruption error when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN (the ANONYMOUS mechanism is unaffected but should not be enabled for different reasons).
aa20352e228c35364fc0a75c88bd5667