Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability Network Vulnerability

Summary

This host is running Postfix SMTP server and is prone to memory corruption vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service or possibly execute arbitrary code. Impact Level: Application

Solution

Upgrade to Postfix version 2.5.13, 2.6.10, 2.7.4, or 2.8.3 or later For updates refer to http://www.postfix.org/

Insight

The flaw is caused by a memory corruption error in the Cyrus SASL library when used with 'CRAM-MD5' or 'DIGEST-MD5' authentication mechanisms, which could allow remote attackers to crash an affected server or execute arbitrary code.

Affected

Postfix versions before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3

References

http://secunia.com/advisories/44500
http://www.kb.cert.org/vuls/id/727230
http://www.postfix.org/CVE-2011-1720.html
http://xforce.iss.net/xforce/xfdb/67359

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1720
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mail relaying
MailEnable SMTP HELO Command Denial of Service Vulnerability
Sendmail ETRN command DOS
Check if Mailserver answer to VRFY and EXPN requests
MailEnable 'MESMTRPC.exe' SMTP Service Multiple Remote Denial of Service Vulnerabilities

Take action and discover your vulnerabilities