CVE-2011-1720

Related Files

Gentoo Linux Security Advisory 201206-33

Posted Jun 25, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-33 - A vulnerability has been found in Postfix, the worst of which possibly allowing remote code execution. Versions less than 2.7.4 are affected.

tags | advisory, remote, code execution

systems | linux, gentoo

advisories | CVE-2011-0411, CVE-2011-1720

MD5 | 747c3d1ceb77eac7ea28b8d7ce15ee48

Download | Favorite | View

Red Hat Security Advisory 2011-0843-01

Posted Jun 1, 2011

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0843-01 - Postfix is a Mail Transport Agent, supporting LDAP, SMTP AUTH, and TLS. A heap-based buffer over-read flaw was found in the way Postfix performed SASL handlers management for SMTP sessions, when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to cause the Postfix smtpd server to crash via a specially-crafted SASL authentication request. The smtpd process was automatically restarted by the postfix master process after the time configured with service_throttle_time elapsed. Various other issues were also addressed.

tags | advisory, remote

systems | linux, redhat

advisories | CVE-2011-1720

MD5 | 2e5d2956f80870529761187eaffc9fb8

Download | Favorite | View

Mandriva Linux Security Advisory 2011-090

Posted May 17, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-090 - The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.

tags | advisory, remote, denial of service, arbitrary

systems | linux, mandriva

advisories | CVE-2011-1720

MD5 | 3ddb60f220254a0b6542651b0a43f8db

Download | Favorite | View

Ubuntu Security Notice USN-1131-1

Posted May 12, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1131-1 - Thomas Jarosch discovered that Postfix incorrectly handled authentication mechanisms other than PLAIN and LOGIN when the Cyrus SASL library is used. A remote attacker could use this to cause Postfix to crash, leading to a denial of service, or possibly execute arbitrary code as the postfix user.

tags | advisory, remote, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2011-1720

MD5 | 457533377b681afc533a24be68137fb5

Download | Favorite | View

Debian Security Advisory 2233-1

Posted May 10, 2011

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2233-1 - Several vulnerabilities were discovered in Postfix, a mail transfer agent.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2009-2939, CVE-2011-0411, CVE-2011-1720

MD5 | 777ed4cbea09e007860b29ecab6dfc81

Download | Favorite | View

Postfix SMTP Server Memory Corruption

Posted May 10, 2011

Authored by Wietse Venema

The Postfix SMTP server has a memory corruption error when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN (the ANONYMOUS mechanism is unaffected but should not be enabled for different reasons).

tags | advisory

advisories | CVE-2011-1720

MD5 | aa20352e228c35364fc0a75c88bd5667

Download | Favorite | View