Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 SecPodOPENVAS:1361412562310902517
HistoryMay 26, 2011 - 12:00 a.m.

Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability

2011-05-2600:00:00
Copyright (C) 2011 SecPod
plugins.openvas.org
24

0.887 High

EPSS

Percentile

98.4%

JSON

This host is running Postfix SMTP server and is prone to memory
corruption vulnerability.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_postfix_cyrus_sasl_memory_corruption_vuln.nasl 13461 2019-02-05 09:33:31Z cfischer $
#
# Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
#
# Authors:
# Sooraj KS <[email protected]>
#
# Copyright:
# Copyright (c) 2011 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:postfix:postfix";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.902517");
  script_version("$Revision: 13461 $");
  script_tag(name:"last_modification", value:"$Date: 2019-02-05 10:33:31 +0100 (Tue, 05 Feb 2019) $");
  script_tag(name:"creation_date", value:"2011-05-26 10:47:46 +0200 (Thu, 26 May 2011)");
  script_cve_id("CVE-2011-1720");
  script_bugtraq_id(47778);
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_name("Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability");

  script_xref(name:"URL", value:"http://secunia.com/advisories/44500");
  script_xref(name:"URL", value:"http://www.kb.cert.org/vuls/id/727230");
  script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/67359");
  script_xref(name:"URL", value:"http://www.postfix.org/CVE-2011-1720.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 SecPod");
  script_family("SMTP problems");
  script_dependencies("sw_postfix_detect.nasl");
  script_require_ports("Services/smtp", 25, 465, 587);
  script_mandatory_keys("postfix/smtp/detected", "smtp/auth_methods/available");

  script_tag(name:"impact", value:"Successful exploitation could allow remote attackers to cause a denial of
  service or possibly execute arbitrary code.");

  script_tag(name:"affected", value:"Postfix versions before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4,
  and 2.8.x before 2.8.3.");

  script_tag(name:"insight", value:"The flaw is caused by a memory corruption error in the Cyrus SASL library
  when used with 'CRAM-MD5' or 'DIGEST-MD5' authentication mechanisms, which could allow remote attackers to
  crash an affected server or execute arbitrary code.");

  script_tag(name:"solution", value:"Upgrade to Postfix version 2.5.13, 2.6.10, 2.7.4, or 2.8.3 or later.");

  script_tag(name:"summary", value:"This host is running Postfix SMTP server and is prone to memory
  corruption vulnerability.");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");
include("misc_func.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! vers = get_app_version( cpe:CPE, port:port ) )
  exit( 0 );

if(version_is_less(version:vers, test_version:"2.5.13") ||
   version_in_range(version:vers, test_version:"2.6", test_version2:"2.6.9") ||
   version_in_range(version:vers, test_version:"2.7", test_version2:"2.7.3") ||
   version_in_range(version:vers, test_version:"2.8", test_version2:"2.8.2")) {

  auths = get_kb_list( "smtp/fingerprints/" + port + "/authlist" );
  if( ! auths || ! is_array( auths ) )
    exit( 0 );

  if( in_array( search:"DIGEST-MD5", array:auths, part_match:FALSE ) ||
      in_array( search:"CRAM-MD5", array:auths, part_match:FALSE ) ) {
    report = report_fixed_ver(installed_version:vers, fixed_version:"2.5.13, 2.6.10, 2.7.4, or 2.8.3 or later");
    security_message(port:port, data:report);
    exit(0);
  }
}

exit(99);

Related

openvas 25
nessus 21
cve 1
prion 1
redhat 1
altlinux 2
suse 1
seebug 1
ubuntucve 1
debiancve 1
securityvulns 2
veracode 1
cert 1
checkpoint_advisories 1
oraclelinux 1
centos 1
fedora 3
freebsd 1
ubuntu 1
gentoo 1
nmap 1
osv 1
debian 1
thn 1
kitploit 2
openvas
openvas
RedHat Update for postfix RHSA-2011:0843-01
2011-06-06 00:00:00
CentOS Update for postfix CESA-2011:0843 centos4 x86_64
2012-07-30 00:00:00
CentOS Update for postfix CESA-2011:0843 centos4 i386
2011-06-06 00:00:00
nessus
nessus
Postfix Cyrus SASL Authentication Context Data Reuse Memory Corruption (exploit)
2011-05-19 00:00:00
openSUSE Security Update : postfix (openSUSE-SU-2011:0476-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : postfix (MDVSA-2011:090)
2011-05-18 00:00:00
cve
cve
CVE-2011-1720
2011-05-13 17:05:00
prion
prion
Memory corruption
2011-05-13 17:05:00
redhat
redhat
(RHSA-2011:0843) Moderate: postfix security update
2011-05-31 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package postfix version 1:2.5.13-alt0.M50P.1
2011-05-16 00:00:00
Security fix for the ALT Linux 5 package postfix version 1:2.5.13-alt1
2011-05-09 00:00:00
suse
suse
remote code execution in postfix
2011-05-11 11:23:15
seebug
seebug
Postfix SMTP Server Cyrus SASL支持内存破坏漏洞
2011-05-13 00:00:00
ubuntucve
ubuntucve
CVE-2011-1720
2011-05-11 00:00:00
debiancve
debiancve
CVE-2011-1720
2011-05-13 17:05:00
securityvulns
securityvulns
Memory corruption in Postfix SMTP server Cyrus SASL support &#40;CVE-2011-1720&#41;
2011-05-10 00:00:00
Postfix memory corruption
2011-05-10 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:02:51
cert
cert
Postfix SMTP server Cyrus SASL support contains a memory corruption vulnerability
2011-05-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Postfix SMTP Server SASL Authentication Memory Corruption (CVE-2011-1720)
2011-08-16 00:00:00
oraclelinux
oraclelinux
postfix security update
2011-05-31 00:00:00
centos
centos
postfix security update
2011-05-31 16:58:29
fedora
fedora
[SECURITY] Fedora 15 Update: postfix-2.8.3-1.fc15
2011-05-19 04:32:49
[SECURITY] Fedora 14 Update: postfix-2.7.4-1.fc14
2011-05-17 20:55:15
[SECURITY] Fedora 13 Update: postfix-2.7.4-1.fc13
2011-05-17 20:55:09
freebsd
freebsd
Postfix -- memory corruption vulnerability
2011-05-09 00:00:00
ubuntu
ubuntu
Postfix vulnerability
2011-05-11 00:00:00
gentoo
gentoo
Postfix: Multiple vulnerabilities
2012-06-25 00:00:00
nmap
nmap
smtp-vuln-cve2011-1720 NSE Script
2011-05-19 18:19:56
osv
osv
postfix - several
2011-05-10 00:00:00
debian
debian
[SECURITY] [DSA 2233-1] postfix security update
2011-05-10 17:57:47
thn
thn
Nmap 5.59 BETA1 - 40 new NSE scripts & improved IPv6
2011-07-01 11:41:00
kitploit
kitploit
Vision2 - Nmap's XML result parse and NVD's CPE correlation to search CVE
2017-09-08 13:30:00
Jok3R - Network And Web Pentest Framework
2019-01-23 12:25:00

0.887 High

EPSS

Percentile

98.4%

JSON
Related for OPENVAS:1361412562310902517
openvas25nessus21cve1prion1redhat1altlinux2suse1seebug1ubuntucve1debiancve1securityvulns2veracode1cert1checkpoint_advisories1oraclelinux1centos1fedora3freebsd1ubuntu1gentoo1nmap1osv1debian1thn1kitploit2