National Cyber Awareness System

Vulnerability Summary for CVE-2011-1720

Overview

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#727230

Name: VU#727230

Hyperlink:http://www.kb.cert.org/vuls/id/727230

External Source: BID

Name: 47778

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/47778

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=699035

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=699035

External Source: XF

Name: postfix-cyrus-sasl-code-exec(67359)

Hyperlink:http://xforce.iss.net/xforce/xfdb/67359

External Source: UBUNTU

Name: USN-1131-1

Hyperlink:http://www.ubuntu.com/usn/usn-1131-1

External Source: SECTRACK

Name: 1025521

Hyperlink:http://www.securitytracker.com/id?1025521

External Source: BUGTRAQ

Name: 20110509 Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/517917/100/0/threaded

External Source: CONFIRM

Name: http://www.postfix.org/CVE-2011-1720.html

Type: Advisory

Hyperlink:http://www.postfix.org/CVE-2011-1720.html

External Source: CONFIRM

Name: http://www.postfix.org/announcements/postfix-2.8.3.html

Type: Advisory

Hyperlink:http://www.postfix.org/announcements/postfix-2.8.3.html

External Source: OSVDB

Name: 72259

Hyperlink:http://www.osvdb.org/72259

External Source: MANDRIVA

Name: MDVSA-2011:090

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:090

External Source: MLIST

Name: [postfix-announce] 20110509 Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)

Hyperlink:http://www.mail-archive.com/postfix-announce@postfix.org/msg00007.html

External Source: DEBIAN

Name: DSA-2233

Hyperlink:http://www.debian.org/security/2011/dsa-2233

External Source: SREASON

Name: 8247

Hyperlink:http://securityreason.com/securityalert/8247

External Source: GENTOO

Name: GLSA-201206-33

Hyperlink:http://security.gentoo.org/glsa/glsa-201206-33.xml

External Source: SECUNIA

Name: 44500

Type: Advisory

Hyperlink:http://secunia.com/advisories/44500

External Source: SUSE

Name: SUSE-SA:2011:023

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html