[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2011:0843-01 -- Redhat postfix

ID: oval:org.secpod.oval:def:500072Date: (C)2012-01-31   (M)2023-11-13
Class: PATCHFamily: unix




Postfix is a Mail Transport Agent , supporting LDAP, SMTP AUTH , and TLS. A heap-based buffer over-read flaw was found in the way Postfix performed SASL handlers management for SMTP sessions, when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to cause the Postfix smtpd server to crash via a specially-crafted SASL authentication request. The smtpd process was automatically restarted by the postfix master process after the time configured with service_throttle_time elapsed. Note: Cyrus SASL authentication for Postfix is not enabled by default. Red Hat would like to thank the CERT/CC for reporting this issue. Upstream acknowledges Thomas Jarosch of Intra2net AG as the original reporter. Users of Postfix are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the postfix service will be restarted automatically.

Platform:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
Product:
postfix
Reference:
RHSA-2011:0843-01
CVE-2011-1720
CVE    1
CVE-2011-1720
CPE    113
cpe:/a:postfix:postfix:2.2.4
cpe:/a:postfix:postfix:2.6.0
cpe:/a:postfix:postfix:2.2.5
cpe:/a:postfix:postfix:2.6.1
...

© SecPod Technologies