Arbitrary Code Execution

2020-04-1001:02:51

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

postfix is vulnerable to arbitrary code execution. A heap-based buffer over-read flaw was found in the way Postfix performed SASL handlers management for SMTP sessions, when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to cause the Postfix smtpd server to crash via a specially-crafted SASL authentication request. The smtpd process was automatically restarted by the postfix master process after the time configured with service_throttle_time elapsed.

CPENameOperatorVersion
postfixeq2.2.10__1.1.el4
postfixeq2.2.10__1.2.el4
postfixeq2.2.10__1.4.el4
postfixeq2.2.10__1.2.1.el4_7
postfixeq2.3.3__2.1.el5_2
postfixeq2.6.6__2.el6
postfixeq2.3.3__2.2.el5_6
postfixeq2.6.6__2.1.el6_0
postfixeq2.2.10__1.1.el4
postfixeq2.2.10__1.2.el4

Name	Operator	Version
postfix	eq	2.2.10__1.1.el4
postfix	eq	2.2.10__1.2.el4
postfix	eq	2.2.10__1.4.el4
postfix	eq	2.2.10__1.2.1.el4_7
postfix	eq	2.3.3__2.1.el5_2
postfix	eq	2.6.6__2.el6
postfix	eq	2.3.3__2.2.el5_6
postfix	eq	2.6.6__2.1.el6_0
postfix	eq	2.2.10__1.1.el4
postfix	eq	2.2.10__1.2.el4