CVE-2011-1720
Published 2011-05-13
CVE-2011-1720: The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are…
Priority P345 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 21.65% (97.3th percentile)
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
Affected
114 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | postfix | < postfix 2.8.3-1 (bookworm) | postfix 2.8.3-1 (bookworm) |
| postfix | postfix | — | — |
CVSS provenance
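| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |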
GHSA
GHSA-8j5r-6hhw-hf9g: The SMTP server in Postfix before 2
ghsa_unreviewed·2022-05-14
CVE-2011-1720 [MEDIUM] CWE-119 GHSA-8j5r-6hhw-hf9g: The SMTP server in Postfix before 2
OSV
CVE-2011-1720: The SMTP server in Postfix before 2
osv·2011-05-13·CVSS 6.8
CVE-2011-1720 [MEDIUM] CVE-2011-1720: The SMTP server in Postfix before 2
Ubuntu
Postfix vulnerability
vendor_ubuntu·2011-05-11
CVE-2011-1720 Postfix vulnerability
Title: Postfix vulnerability
Summary: An attacker could send crafted input to Postfix and cause it to crash or
run programs.
Thomas Jarosch discovered that Postfix incorrectly handled authentication
mechanisms other than PLAIN and LOGIN when the Cyrus SASL library is used.
A remote attacker could use this to cause Postfix to crash, leading to a
denial of service, or possibly execute arbitrary code as the postfix user.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
(smtpd): Crash due to improper management of SASL handlers for SMTP sessions
vendor_redhat·2011-05-09·CVSS 6.8
CVE-2011-1720 [MEDIUM] (smtpd): Crash due to improper management of SASL handlers for SMTP sessions
Debian
CVE-2011-1720: postfix - The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7....
vendor_debian·2011·CVSS 6.8
CVE-2011-1720 [MEDIUM] CVE-2011-1720: postfix - The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7....
Scope: local
bookworm: resolved (fixed in 2.8.3-1)
bullseye: resolved (fixed in 2.8.3-1)
forky: resolved (fixed in 2.8.3-1)
sid: resolved (fixed in 2.8.3-1)
trixie: resolved (fixed in 2.8.3-1)
No detection rules found.
No public exploits indexed.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html
http://secunia.com/advisories/44500
http://security.gentoo.org/glsa/glsa-201206-33.xml
http://securityreason.com/securityalert/8247
http://www.debian.org/security/2011/dsa-2233
http://www.kb.cert.org/vuls/id/727230
http://www.mail-archive.com/postfix-announce%40postfix.org/msg00007.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:090
http://www.osvdb.org/72259
http://www.postfix.org/CVE-2011-1720.html
http://www.postfix.org/announcements/postfix-2.8.3.html
http://www.securityfocus.com/archive/1/517917/100/0/threaded
http://www.securityfocus.com/bid/47778
http://www.securitytracker.com/id?1025521
http://www.ubuntu.com/usn/usn-1131-1
https://bugzilla.redhat.com/show_bug.cgi?id=699035
https://exchange.xforce.ibmcloud.com/vulnerabilities/67359
Published: 2011-05-13