Buffer overflow in Postfix - CVE-2011-1720
Published: May 13, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU45044
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-1720
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Postfix.org
Affected software:
Postfix
Postfix
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
How to mitigate CVE-2011-1720
Install update from vendor's website.
Sources
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html
- http://secunia.com/advisories/44500
- http://security.gentoo.org/glsa/glsa-201206-33.xml
- http://securityreason.com/securityalert/8247
- http://www.debian.org/security/2011/dsa-2233
- http://www.kb.cert.org/vuls/id/727230
- http://www.mail-archive.com/postfix-announce@postfix.org/msg00007.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:090
- http://www.osvdb.org/72259
- http://www.postfix.org/announcements/postfix-2.8.3.html
- http://www.postfix.org/CVE-2011-1720.html
- http://www.securityfocus.com/archive/1/517917/100/0/threaded
- http://www.securityfocus.com/bid/47778
- http://www.securitytracker.com/id?1025521
- http://www.ubuntu.com/usn/usn-1131-1
- https://bugzilla.redhat.com/show_bug.cgi?id=699035
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67359