858 matches found
USN-1131-1: Postfix vulnerability
Thomas Jarosch discovered that Postfix incorrectly handled authentication mechanisms other than PLAIN and LOGIN when the Cyrus SASL library is used. A remote attacker could use this to cause Postfix to crash, leading to a denial of service, or possibly execute arbitrary code as the postfix user...
CVE-2011-1720
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...
SuSE9 Security Update : Postfix (YOU Patch Number 12707)
The following bugs have been fixed: - Remote attackers could potentially exploit a memory corruption issue in postfix's SASL implementation to execute arbitrary code (CVE-2011-1720). - Also, Postfix did not clear the receive buffer after the STARTTLS command. A man-in-the-middle could therefore inje...
Debian DSA-2233-1 : postfix - several vulnerabilities
Several vulnerabilities were discovered in Postfix, a mail transfer agent. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2009-2939: The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to...
Postfix SMTP server Cyrus SASL support contains a memory corruption vulnerability
Overview: The Postfix SMTP server has a memory corruption error when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN. Description: The Postfix Advisory for CVE-2011-1720 states: "The Postfix SMTP server fails to create a new Cyrus SASL server handle after...
[SECURITY] [DSA 2233-1] postfix security update
Debian Security Advisory DSA-2233-1, http://www.debian.org/security/, Florian Weimer, May 10, 2011, http://www.debian.org/security/faq ...
DSA-2233-1 postfix - several
Bulletin has no description...
Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)
On-line version will be at http://www.postfix.org/CVE-2011-1720.html. Summary: The Postfix SMTP server has a memory corruption error when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN (the ANONYMOUS mechanism is unaffected but should not be enabled...
SuSE 11.1 Security Update : postfix (SAT Patch Number 4478)
Remote attackers could have potentially exploited a memory corruption issue in postfix's SASL implementation to execute arbitrary code (CVE-2011-1720). This has been fixed.
Postfix memory corruption
Memory corruption if Cyrus SASL library is used for CRAM authentications...
Ubuntu: Security Advisory (USN-1113-1)
The remote host is missing an update for the...
Ubuntu Update for postfix USN-1113-1
Ubuntu Update for Linux kernel vulnerabilities USN-1113-1. OpenVAS Vulnerability Test: Ubuntu Update for postfix USN-1113-1. Authors: System Generated Check. Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
SuSE 10 Security Update : postfix (ZYPP Patch Number 7503)
Remote attackers could have potentially exploited a memory corruption issue in postfix's SASL implementation to execute arbitrary code (CVE-2011-1720). This has been fixed.
FreeBSD : Postfix -- memory corruption vulnerability (3eb2c100-738b-11e0-89f4-001e90d46635)
The Postfix SMTP server has a memory corruption error, when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN (ANONYMOUS is not affected, but should not be used for other reasons). This memory corruption is known to result in a program crash (SIGSEGV)...
Security fix for the ALT Linux 5 package postfix version 1:2.5.13-alt1
May 9, 2011, Dmitry V. Levin, 1:2.5.13-alt1 - Updated to 2.5.13 (fixes CVE-2011-1720 in SMTP server Cyrus SASL support)...
Postfix -- memory corruption vulnerability
The Postfix SMTP server has a memory corruption error, when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN (ANONYMOUS is not affected, but should not be used for other reasons). This memory corruption is known to result in a program crash (SIGSEGV)...
openSUSE Security Update : postfix (openSUSE-SU-2011:0389-1)
postfix did not clear the receive buffer after the STARTTLS command. A man-in-the-middle could therefore inject commands in the unencrypted stream that get interpreted in the encrypted phase after STARTTLS (CVE-2011-0411).
SuSE 10 Security Update : Postfix (ZYPP Patch Number 7387)
The following bug has been fixed: - Postfix did not clear the receive buffer after the STARTTLS command. A man-in-the-middle could therefore inject commands in the unencrypted stream that get interpreted in the encrypted phase after STARTTLS (CVE-2011-0411).
SuSE 11.1 Security Update : Postfix (SAT Patch Number 4177)
The following bug has been fixed: - Postfix did not clear the receive buffer after the STARTTLS command. A man-in-the-middle could therefore inject commands in the unencrypted stream that get interpreted in the encrypted phase after STARTTLS (CVE-2011-0411).
USN-1113-1: Postfix vulnerabilities
It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939) Wiets...