FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Postfix -- memory corruption vulnerability

Affected packages
2.8.*,1 <= postfix < 2.8.3,1
2.7.*,1 <= postfix < 2.7.4,1
2.6.*,1 <= postfix < 2.6.10,1
2.5.*,2 <= postfix < 2.5.13,2
postfix <= 2.4.16,1
2.8.*,1 <= postfix-base < 2.8.3,1
2.7.*,1 <= postfix-base < 2.7.4,1
2.6.*,1 <= postfix-base < 2.6.10,1
2.5.*,2 <= postfix-base < 2.5.13,2
postfix-base <= 2.4.16,1
postfix-current < 2.9.20110501,4
postfix-current-base < 2.9.20110501,4

Details

VuXML ID 3eb2c100-738b-11e0-89f4-001e90d46635
Discovery 2011-05-09
Entry 2011-05-09

The Postfix SMTP server has a memory corruption error, when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN (ANONYMOUS is not affected, but should not be used for other reasons). This memory corruption is known to result in a program crash (SIGSEV).

References

CVE Name CVE-2011-1720
URL http://www.postfix.org/CVE-2011-1720.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.