EUVD-2001-0877

Malware in sbrugna...

CVE-2023-51764

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...

Postfix SMTP 4.2.x 4.2.48 - Shellshock Remote Command Injection

Postfix SMTP 4.2.x 4.2.48 - Shellshock Remote Command Injection !/bin/python Exploit Title: Shellshock SMTP Exploit Date: 10/3/2014 Exploit Author: fattymcwopr Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bash/ Version: 4.2.x " argc = lensys.argv ifargc 3: usage sys.exit0 rport ...

Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection

!/bin/python Exploit Title: Shellshock SMTP Exploit Date: 10/3/2014 Exploit Author: fattymcwopr Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bash/ Version: 4.2.x " argc = lensys.argv ifargc 3: usage sys.exit0 rport = 25 rhost = sys.argv1 cmd = sys.argv2 headers = "To",...

smtp-vuln-cve2011-1720 NSE Script

Checks for a memory corruption in the Postfix SMTP server when it uses Cyrus SASL library authentication mechanisms CVE-2011-1720. This vulnerability can allow denial of service and possibly remote code execution. Reference: Script Arguments smtp.domain See the documentation for the smtp library...

Fedora 13 : postfix-2.7.4-1.fc13 (2011-6777)

This is an update that fixes memory corruption in Postfix SMTP server Cyrus SASL support CVE-2011-1720. For original upstream announcement see: http://archives.neohapsis.com/archives/postfix/2011-05/0208.html Note that Tenable Network Security has extracted the preceding description block directl...

CVE-2011-1720

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...

Postfix SMTP Server Cyrus SASL支持内存破坏漏洞

BUGTRAQ ID: 47778 CVE ID: CVE-2011-1720 Postfix是Unix类操作系统中所使用的邮件传输代理。 Postfix SMTP Server在实现上存在Cyrus SASL支持内存破坏漏洞，在启用了Cyrus SASL支持时可影响SMTP服务器，远程攻击者可利用此漏洞执行任意代码或造成拒绝服务。 启用了SASL验证时，Postfix SMTP Server为每个SMTP会话创建了一个SASL句柄，在关闭SMTP连接前会一直使用此句柄。根据Cyrus SASL include源文件的注释，服务器在客户端验证失败后不应重新使用Cyrus...

SuSE Update for postfix SUSE-SA:2010:011

Check for the Version of postfix OpenVAS Vulnerability Test SuSE Update for postfix SUSE-SA:2010:011 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

CVE-2001-0894

Postfix SMTP server (pre-20010228-pl07) is affected by a remote DoS: when configured to email the postmaster on SMTP errors, a storm of errors can cause the SMTP session log to grow, leading to memory exhaustion. Debian advisory DSA-093-1 and OpenVAS/NESL entries corroborate a remote DoS due to e...

CVE-2001-0894

Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service memory exhaustion by generating a large number of SMTP errors, which forces the SMTP session log...

Postfix session log memory exhaustion bugfix

The Postfix SMTP server maintains a record of SMTP conversations for debugging purposes. Depending on local configuration details this record is mailed to the postmaster whenever an SMTP session terminates with errors. During code maintenance, a stupid error was introduced into the code due to...

CVE-2001-0894

Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service memory exhaustion by generating a large number of SMTP errors, which forces the SMTP session log...