Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 SMTP:EXPLOIT:POSTFIX-AUT-REUSE1

Severity

 High

Recommended

 No

Category

 SMTP

Keywords

 Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption1

Release Date

 2016/02/11

Update Number

 2644

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vsrx-12.1+

SMTP: Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption1


A memory corruption vulnerability exists in Postfix SMTP server when the Cyrus SASL library is used with authentication mechanisms other than PLAIN, LOGIN and ANONYMOUS. This vulnerability is due to the Postfix server's reuse of a SASL server handle after an authentication failure. This could result in code execution in the context of the process, which is usually run in the context of the user "postfix".

Extended Description

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.

Affected Products

  • postfix 2.0.0
  • postfix 2.0.1
  • postfix 2.0.10
  • postfix 2.0.11
  • postfix 2.0.12
  • postfix 2.0.13
  • postfix 2.0.14
  • postfix 2.0.15
  • postfix 2.0.16
  • postfix 2.0.17
  • postfix 2.0.18
  • postfix 2.0.19
  • postfix 2.0.2
  • postfix 2.0.3
  • postfix 2.0.4
  • postfix 2.0.5
  • postfix 2.0.6
  • postfix 2.0.7
  • postfix 2.0.8
  • postfix 2.0.9
  • postfix 2.1.0
  • postfix 2.1.1
  • postfix 2.1.2
  • postfix 2.1.3
  • postfix 2.1.4
  • postfix 2.1.5
  • postfix 2.1.6
  • postfix 2.2.0
  • postfix 2.2.1
  • postfix 2.2.10
  • postfix 2.2.11
  • postfix 2.2.12
  • postfix 2.2.2
  • postfix 2.2.3
  • postfix 2.2.4
  • postfix 2.2.5
  • postfix 2.2.6
  • postfix 2.2.7
  • postfix 2.2.8
  • postfix 2.2.9
  • postfix 2.3
  • postfix 2.3.0
  • postfix 2.3.1
  • postfix 2.3.10
  • postfix 2.3.11
  • postfix 2.3.12
  • postfix 2.3.13
  • postfix 2.3.14
  • postfix 2.3.15
  • postfix 2.3.16
  • postfix 2.3.17
  • postfix 2.3.18
  • postfix 2.3.19
  • postfix 2.3.2
  • postfix 2.3.3
  • postfix 2.3.4
  • postfix 2.3.5
  • postfix 2.3.6
  • postfix 2.3.7
  • postfix 2.3.8
  • postfix 2.3.9
  • postfix 2.4
  • postfix 2.4.0
  • postfix 2.4.1
  • postfix 2.4.10
  • postfix 2.4.11
  • postfix 2.4.12
  • postfix 2.4.13
  • postfix 2.4.14
  • postfix 2.4.15
  • postfix 2.4.2
  • postfix 2.4.3
  • postfix 2.4.4
  • postfix 2.4.5
  • postfix 2.4.6
  • postfix 2.4.7
  • postfix 2.4.8
  • postfix 2.4.9
  • postfix 2.5.0
  • postfix 2.5.1
  • postfix 2.5.10
  • postfix 2.5.11
  • postfix 2.5.12
  • postfix 2.5.2
  • postfix 2.5.3
  • postfix 2.5.4
  • postfix 2.5.5
  • postfix 2.5.6
  • postfix 2.5.7
  • postfix 2.5.8
  • postfix 2.5.9
  • postfix 2.6
  • postfix 2.6.0
  • postfix 2.6.1
  • postfix 2.6.2
  • postfix 2.6.3
  • postfix 2.6.4
  • postfix 2.6.5
  • postfix 2.6.6
  • postfix 2.6.7
  • postfix 2.6.8
  • postfix 2.6.9
  • postfix 2.7.0
  • postfix 2.7.1
  • postfix 2.7.2
  • postfix 2.7.3
  • postfix 2.8.0
  • postfix 2.8.1
  • postfix 2.8.2

References

  • BugTraq: 47778
  • CVE: CVE-2011-1720

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out