Fedora 14 : postfix-2.7.4-1.fc14 (2011-6771)

This is an update that fixes memory corruption in Postfix SMTP server Cyrus SASL support CVE-2011-1720. For original upstream announcement see: http://archives.neohapsis.com/archives/postfix/2011-05/0208.html Note that Tenable Network Security has extracted the preceding description block directl...

Fedora 13 : postfix-2.7.4-1.fc13 (2011-6777)

This is an update that fixes memory corruption in Postfix SMTP server Cyrus SASL support CVE-2011-1720. For original upstream announcement see: http://archives.neohapsis.com/archives/postfix/2011-05/0208.html Note that Tenable Network Security has extracted the preceding description block directl...

[SECURITY] Fedora 14 Update: postfix-2.7.4-1.fc14

Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, TLS...

[SECURITY] Fedora 13 Update: postfix-2.7.4-1.fc13

Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, TLS...

Ubuntu Update for postfix USN-1131-1

Ubuntu Update for Linux kernel vulnerabilities USN-1131-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11311.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for postfix USN-1131-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...

Ubuntu: Security Advisory (USN-1131-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security fix for the ALT Linux 5 package postfix version 1:2.5.13-alt0.M50P.1

May 16, 2011 Gleb Fotengauer-Malinovskiy 1:2.5.13-alt0.M50P.1 - Backport to p5 fixes CVE-2011-1720...

DEBIAN-CVE-2011-1720

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...

CVE-2011-1720

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...

CVE-2011-1720

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...

CVE-2011-1720

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...

Memory corruption

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...

CVE-2011-1720

Summary: CVE-2011-1720 affects the Postfix SMTP server when Cyrus SASL authentication methods other than PLAIN/LOGIN are used. A memory corruption could occur after a client authentication failure, potentially leading to a heap corruption, daemon crash, or arbitrary code execution. What is affect...

CVE-2011-1720

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...

CVE-2011-1720

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...

Postfix SMTP Server Cyrus SASL支持内存破坏漏洞

BUGTRAQ ID: 47778 CVE ID: CVE-2011-1720 Postfix是Unix类操作系统中所使用的邮件传输代理。 Postfix SMTP Server在实现上存在Cyrus SASL支持内存破坏漏洞，在启用了Cyrus SASL支持时可影响SMTP服务器，远程攻击者可利用此漏洞执行任意代码或造成拒绝服务。 启用了SASL验证时，Postfix SMTP Server为每个SMTP会话创建了一个SASL句柄，在关闭SMTP连接前会一直使用此句柄。根据Cyrus SASL include源文件的注释，服务器在客户端验证失败后不应重新使用Cyrus...

openSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)

Pure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

openSUSE Security Update : postfix (openSUSE-SU-2011:0476-1)

Remote attackers could potentially exploit a memory corruption issue in postfix' SASL implementation to execute arbitrary code CVE-2011-1720. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

FreeBSD Ports: postfix, postfix-base

The remote host is missing an update to the system as announced in the referenced advisory. VID 14a6f516-502f-11e0-b448-bbfa2731f9c7 OpenVAS Vulnerability Test $ Description: Auto generated from VID 14a6f516-502f-11e0-b448-bbfa2731f9c7 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

FreeBSD Ports: postfix, postfix-base

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...