Launchpad.net

CVE 2011-1720

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.

Related bugs and status

CVE-2011-1720 (Candidate) is related to these bugs:

Bug #869411: SRU tracking bug for postfix 2.8.2 -> 2.8.5 for natty

Summary				In	Importance	Status
	869411	SRU tracking bug for postfix 2.8.2 -> 2.8.5 for natty		postfix (Ubuntu)	Undecided	Invalid
	869411	SRU tracking bug for postfix 2.8.2 -> 2.8.5 for natty		postfix (Ubuntu Natty)	Wishlist	Fix Released

Bug #2018238: postfix: autopkgtest fails with saslauthd.service installed

Summary				In	Importance	Status
	2018238	postfix: autopkgtest fails with saslauthd.service installed		postfix (Ubuntu)	Medium	Fix Released
	2018238	postfix: autopkgtest fails with saslauthd.service installed		postfix (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-1720

Related bugs and status

Related bugs

References