CVE-2011-1720
Summary
| CVE | CVE-2011-1720 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-05-13 17:05:00 UTC |
| Updated | 2023-11-07 02:07:00 UTC |
| Description | The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Postfix | Postfix | 2.0.0 | All | All | All |
| Application | Postfix | Postfix | 2.0.1 | All | All | All |
| Application | Postfix | Postfix | 2.0.10 | All | All | All |
| Application | Postfix | Postfix | 2.0.11 | All | All | All |
| Application | Postfix | Postfix | 2.0.12 | All | All | All |
| Application | Postfix | Postfix | 2.0.13 | All | All | All |
| Application | Postfix | Postfix | 2.0.14 | All | All | All |
| Application | Postfix | Postfix | 2.0.15 | All | All | All |
| Application | Postfix | Postfix | 2.0.16 | All | All | All |
| Application | Postfix | Postfix | 2.0.17 | All | All | All |
| Application | Postfix | Postfix | 2.0.18 | All | All | All |
| Application | Postfix | Postfix | 2.0.19 | All | All | All |
| Application | Postfix | Postfix | 2.0.2 | All | All | All |
| Application | Postfix | Postfix | 2.0.3 | All | All | All |
| Application | Postfix | Postfix | 2.0.4 | All | All | All |
| Application | Postfix | Postfix | 2.0.5 | All | All | All |
| Application | Postfix | Postfix | 2.0.6 | All | All | All |
| Application | Postfix | Postfix | 2.0.7 | All | All | All |
| Application | Postfix | Postfix | 2.0.8 | All | All | All |
| Application | Postfix | Postfix | 2.0.9 | All | All | All |
| Application | Postfix | Postfix | 2.1.0 | All | All | All |
| Application | Postfix | Postfix | 2.1.1 | All | All | All |
| Application | Postfix | Postfix | 2.1.2 | All | All | All |
| Application | Postfix | Postfix | 2.1.3 | All | All | All |
| Application | Postfix | Postfix | 2.1.4 | All | All | All |
| Application | Postfix | Postfix | 2.1.5 | All | All | All |
| Application | Postfix | Postfix | 2.1.6 | All | All | All |
| Application | Postfix | Postfix | 2.2.0 | All | All | All |
| Application | Postfix | Postfix | 2.2.1 | All | All | All |
| Application | Postfix | Postfix | 2.2.10 | All | All | All |
| Application | Postfix | Postfix | 2.2.11 | All | All | All |
| Application | Postfix | Postfix | 2.2.12 | All | All | All |
| Application | Postfix | Postfix | 2.2.2 | All | All | All |
| Application | Postfix | Postfix | 2.2.3 | All | All | All |
| Application | Postfix | Postfix | 2.2.4 | All | All | All |
| Application | Postfix | Postfix | 2.2.5 | All | All | All |
| Application | Postfix | Postfix | 2.2.6 | All | All | All |
| Application | Postfix | Postfix | 2.2.7 | All | All | All |
| Application | Postfix | Postfix | 2.2.8 | All | All | All |
| Application | Postfix | Postfix | 2.2.9 | All | All | All |
| Application | Postfix | Postfix | 2.3 | All | All | All |
| Application | Postfix | Postfix | 2.3.0 | All | All | All |
| Application | Postfix | Postfix | 2.3.1 | All | All | All |
| Application | Postfix | Postfix | 2.3.10 | All | All | All |
| Application | Postfix | Postfix | 2.3.11 | All | All | All |
| Application | Postfix | Postfix | 2.3.12 | All | All | All |
| Application | Postfix | Postfix | 2.3.13 | All | All | All |
| Application | Postfix | Postfix | 2.3.14 | All | All | All |
| Application | Postfix | Postfix | 2.3.15 | All | All | All |
| Application | Postfix | Postfix | 2.3.16 | All | All | All |
| Application | Postfix | Postfix | 2.3.17 | All | All | All |
| Application | Postfix | Postfix | 2.3.18 | All | All | All |
| Application | Postfix | Postfix | 2.3.19 | All | All | All |
| Application | Postfix | Postfix | 2.3.2 | All | All | All |
| Application | Postfix | Postfix | 2.3.3 | All | All | All |
| Application | Postfix | Postfix | 2.3.4 | All | All | All |
| Application | Postfix | Postfix | 2.3.5 | All | All | All |
| Application | Postfix | Postfix | 2.3.6 | All | All | All |
| Application | Postfix | Postfix | 2.3.7 | All | All | All |
| Application | Postfix | Postfix | 2.3.8 | All | All | All |
| Application | Postfix | Postfix | 2.3.9 | All | All | All |
| Application | Postfix | Postfix | 2.4 | All | All | All |
| Application | Postfix | Postfix | 2.4.0 | All | All | All |
| Application | Postfix | Postfix | 2.4.1 | All | All | All |
| Application | Postfix | Postfix | 2.4.10 | All | All | All |
| Application | Postfix | Postfix | 2.4.11 | All | All | All |
| Application | Postfix | Postfix | 2.4.12 | All | All | All |
| Application | Postfix | Postfix | 2.4.13 | All | All | All |
| Application | Postfix | Postfix | 2.4.14 | All | All | All |
| Application | Postfix | Postfix | 2.4.15 | All | All | All |
| Application | Postfix | Postfix | 2.4.2 | All | All | All |
| Application | Postfix | Postfix | 2.4.3 | All | All | All |
| Application | Postfix | Postfix | 2.4.4 | All | All | All |
| Application | Postfix | Postfix | 2.4.5 | All | All | All |
| Application | Postfix | Postfix | 2.4.6 | All | All | All |
| Application | Postfix | Postfix | 2.4.7 | All | All | All |
| Application | Postfix | Postfix | 2.4.8 | All | All | All |
| Application | Postfix | Postfix | 2.4.9 | All | All | All |
| Application | Postfix | Postfix | 2.5.0 | All | All | All |
| Application | Postfix | Postfix | 2.5.1 | All | All | All |
| Application | Postfix | Postfix | 2.5.10 | All | All | All |
| Application | Postfix | Postfix | 2.5.11 | All | All | All |
| Application | Postfix | Postfix | 2.5.12 | All | All | All |
| Application | Postfix | Postfix | 2.5.2 | All | All | All |
| Application | Postfix | Postfix | 2.5.3 | All | All | All |
| Application | Postfix | Postfix | 2.5.4 | All | All | All |
| Application | Postfix | Postfix | 2.5.5 | All | All | All |
| Application | Postfix | Postfix | 2.5.6 | All | All | All |
| Application | Postfix | Postfix | 2.5.7 | All | All | All |
| Application | Postfix | Postfix | 2.5.8 | All | All | All |
| Application | Postfix | Postfix | 2.5.9 | All | All | All |
| Application | Postfix | Postfix | 2.6 | All | All | All |
| Application | Postfix | Postfix | 2.6.0 | All | All | All |
| Application | Postfix | Postfix | 2.6.1 | All | All | All |
| Application | Postfix | Postfix | 2.6.2 | All | All | All |
| Application | Postfix | Postfix | 2.6.3 | All | All | All |
| Application | Postfix | Postfix | 2.6.4 | All | All | All |
| Application | Postfix | Postfix | 2.6.5 | All | All | All |
| Application | Postfix | Postfix | 2.6.6 | All | All | All |
| Application | Postfix | Postfix | 2.6.7 | All | All | All |
| Application | Postfix | Postfix | 2.6.8 | All | All | All |
| Application | Postfix | Postfix | 2.6.9 | All | All | All |
| Application | Postfix | Postfix | 2.7.0 | All | All | All |
| Application | Postfix | Postfix | 2.7.1 | All | All | All |
| Application | Postfix | Postfix | 2.7.2 | All | All | All |
| Application | Postfix | Postfix | 2.7.3 | All | All | All |
| Application | Postfix | Postfix | 2.8.0 | All | All | All |
| Application | Postfix | Postfix | 2.8.1 | All | All | All |
| Application | Postfix | Postfix | 2.8.2 | All | All | All |
| Application | Postfix | Postfix | 2.0.0 | All | All | All |
| Application | Postfix | Postfix | 2.0.1 | All | All | All |
| Application | Postfix | Postfix | 2.0.10 | All | All | All |
| Application | Postfix | Postfix | 2.0.11 | All | All | All |
| Application | Postfix | Postfix | 2.0.12 | All | All | All |
| Application | Postfix | Postfix | 2.0.13 | All | All | All |
| Application | Postfix | Postfix | 2.0.14 | All | All | All |
| Application | Postfix | Postfix | 2.0.15 | All | All | All |
| Application | Postfix | Postfix | 2.0.16 | All | All | All |
| Application | Postfix | Postfix | 2.0.17 | All | All | All |
| Application | Postfix | Postfix | 2.0.18 | All | All | All |
| Application | Postfix | Postfix | 2.0.19 | All | All | All |
| Application | Postfix | Postfix | 2.0.2 | All | All | All |
| Application | Postfix | Postfix | 2.0.3 | All | All | All |
| Application | Postfix | Postfix | 2.0.4 | All | All | All |
| Application | Postfix | Postfix | 2.0.5 | All | All | All |
| Application | Postfix | Postfix | 2.0.6 | All | All | All |
| Application | Postfix | Postfix | 2.0.7 | All | All | All |
| Application | Postfix | Postfix | 2.0.8 | All | All | All |
| Application | Postfix | Postfix | 2.0.9 | All | All | All |
| Application | Postfix | Postfix | 2.1.0 | All | All | All |
| Application | Postfix | Postfix | 2.1.1 | All | All | All |
| Application | Postfix | Postfix | 2.1.2 | All | All | All |
| Application | Postfix | Postfix | 2.1.3 | All | All | All |
| Application | Postfix | Postfix | 2.1.4 | All | All | All |
| Application | Postfix | Postfix | 2.1.5 | All | All | All |
| Application | Postfix | Postfix | 2.1.6 | All | All | All |
| Application | Postfix | Postfix | 2.2.0 | All | All | All |
| Application | Postfix | Postfix | 2.2.1 | All | All | All |
| Application | Postfix | Postfix | 2.2.10 | All | All | All |
| Application | Postfix | Postfix | 2.2.11 | All | All | All |
| Application | Postfix | Postfix | 2.2.12 | All | All | All |
| Application | Postfix | Postfix | 2.2.2 | All | All | All |
| Application | Postfix | Postfix | 2.2.3 | All | All | All |
| Application | Postfix | Postfix | 2.2.4 | All | All | All |
| Application | Postfix | Postfix | 2.2.5 | All | All | All |
| Application | Postfix | Postfix | 2.2.6 | All | All | All |
| Application | Postfix | Postfix | 2.2.7 | All | All | All |
| Application | Postfix | Postfix | 2.2.8 | All | All | All |
| Application | Postfix | Postfix | 2.2.9 | All | All | All |
| Application | Postfix | Postfix | 2.3 | All | All | All |
| Application | Postfix | Postfix | 2.3.0 | All | All | All |
| Application | Postfix | Postfix | 2.3.1 | All | All | All |
| Application | Postfix | Postfix | 2.3.10 | All | All | All |
| Application | Postfix | Postfix | 2.3.11 | All | All | All |
| Application | Postfix | Postfix | 2.3.12 | All | All | All |
| Application | Postfix | Postfix | 2.3.13 | All | All | All |
| Application | Postfix | Postfix | 2.3.14 | All | All | All |
| Application | Postfix | Postfix | 2.3.15 | All | All | All |
| Application | Postfix | Postfix | 2.3.16 | All | All | All |
| Application | Postfix | Postfix | 2.3.17 | All | All | All |
| Application | Postfix | Postfix | 2.3.18 | All | All | All |
| Application | Postfix | Postfix | 2.3.19 | All | All | All |
| Application | Postfix | Postfix | 2.3.2 | All | All | All |
| Application | Postfix | Postfix | 2.3.3 | All | All | All |
| Application | Postfix | Postfix | 2.3.4 | All | All | All |
| Application | Postfix | Postfix | 2.3.5 | All | All | All |
| Application | Postfix | Postfix | 2.3.6 | All | All | All |
| Application | Postfix | Postfix | 2.3.7 | All | All | All |
| Application | Postfix | Postfix | 2.3.8 | All | All | All |
| Application | Postfix | Postfix | 2.3.9 | All | All | All |
| Application | Postfix | Postfix | 2.4 | All | All | All |
| Application | Postfix | Postfix | 2.4.0 | All | All | All |
| Application | Postfix | Postfix | 2.4.1 | All | All | All |
| Application | Postfix | Postfix | 2.4.10 | All | All | All |
| Application | Postfix | Postfix | 2.4.11 | All | All | All |
| Application | Postfix | Postfix | 2.4.12 | All | All | All |
| Application | Postfix | Postfix | 2.4.13 | All | All | All |
| Application | Postfix | Postfix | 2.4.14 | All | All | All |
| Application | Postfix | Postfix | 2.4.15 | All | All | All |
| Application | Postfix | Postfix | 2.4.2 | All | All | All |
| Application | Postfix | Postfix | 2.4.3 | All | All | All |
| Application | Postfix | Postfix | 2.4.4 | All | All | All |
| Application | Postfix | Postfix | 2.4.5 | All | All | All |
| Application | Postfix | Postfix | 2.4.6 | All | All | All |
| Application | Postfix | Postfix | 2.4.7 | All | All | All |
| Application | Postfix | Postfix | 2.4.8 | All | All | All |
| Application | Postfix | Postfix | 2.4.9 | All | All | All |
| Application | Postfix | Postfix | 2.5.0 | All | All | All |
| Application | Postfix | Postfix | 2.5.1 | All | All | All |
| Application | Postfix | Postfix | 2.5.10 | All | All | All |
| Application | Postfix | Postfix | 2.5.11 | All | All | All |
| Application | Postfix | Postfix | 2.5.12 | All | All | All |
| Application | Postfix | Postfix | 2.5.2 | All | All | All |
| Application | Postfix | Postfix | 2.5.3 | All | All | All |
| Application | Postfix | Postfix | 2.5.4 | All | All | All |
| Application | Postfix | Postfix | 2.5.5 | All | All | All |
| Application | Postfix | Postfix | 2.5.6 | All | All | All |
| Application | Postfix | Postfix | 2.5.7 | All | All | All |
| Application | Postfix | Postfix | 2.5.8 | All | All | All |
| Application | Postfix | Postfix | 2.5.9 | All | All | All |
| Application | Postfix | Postfix | 2.6 | All | All | All |
| Application | Postfix | Postfix | 2.6.0 | All | All | All |
| Application | Postfix | Postfix | 2.6.1 | All | All | All |
| Application | Postfix | Postfix | 2.6.2 | All | All | All |
| Application | Postfix | Postfix | 2.6.3 | All | All | All |
| Application | Postfix | Postfix | 2.6.4 | All | All | All |
| Application | Postfix | Postfix | 2.6.5 | All | All | All |
| Application | Postfix | Postfix | 2.6.6 | All | All | All |
| Application | Postfix | Postfix | 2.6.7 | All | All | All |
| Application | Postfix | Postfix | 2.6.8 | All | All | All |
| Application | Postfix | Postfix | 2.6.9 | All | All | All |
| Application | Postfix | Postfix | 2.7.0 | All | All | All |
| Application | Postfix | Postfix | 2.7.1 | All | All | All |
| Application | Postfix | Postfix | 2.7.2 | All | All | All |
| Application | Postfix | Postfix | 2.7.3 | All | All | All |
| Application | Postfix | Postfix | 2.8.0 | All | All | All |
| Application | Postfix | Postfix | 2.8.1 | All | All | All |
| Application | Postfix | Postfix | 2.8.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720) | CONFIRM | www.postfix.org | Vendor Advisory |
| Support / Security / Advisories / / MDVSA-2011:090 | Mandriva | MANDRIVA | www.mandriva.com | |
| [security-announce] SUSE Security Announcement: postfix (SUSE-SA:2011:02 | SUSE | lists.opensuse.org | |
| Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-17 | www.mail-archive.com | ||
| 699035 – (CVE-2011-1720) CVE-2011-1720 postfix (smtpd): Crash due to improper management of SASL handlers for SMTP sessions | CONFIRM | bugzilla.redhat.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| 72259 | OSVDB | www.osvdb.org | |
| USN-1131-1: Postfix vulnerability | Ubuntu | UBUNTU | www.ubuntu.com | |
| Gentoo Linux Documentation -- Postfix: Multiple vulnerabilities | GENTOO | security.gentoo.org | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Postfix releases 2.8.3, 2.7.4, 2.6.10 and 2.5.13 | CONFIRM | www.postfix.org | Vendor Advisory |
| US-CERT Vulnerability Note VU#727230 - Postfix SMTP server Cyrus SASL support contains a memory corruption vulnerability | CERT-VN | www.kb.cert.org | US Government Resource |
| Postfix SMTP SASL Authentication Context Data Reuse Vulnerability - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability | BID | www.securityfocus.com | Patch |
| Debian -- Security Information -- DSA-2233-1 postfix | DEBIAN | www.debian.org | |
| CXSecurity - IDS | SREASON | securityreason.com | |
| Postfix SASL Authentication Heap Overflow Lets Remote Users Deny Service - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-17 | MLIST | www.mail-archive.com | |
| Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView | CONFIRM | kb.juniper.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.