Postfix Cyrus SASL Authentication Context Data Reuse Memory Corruption (exploit)

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.


Synopsis :

The remote mail server is affected by a memory corruption
vulnerability.

Description :

The Postfix mail server listening on this port appears vulnerable to
a memory corruption attack as Nessus was able to crash an SMTP session
with this host by using two different authentication methods in one
session.

Note that code execution as the unprivileged postfix user may also be
possible.

See also :

http://www.postfix.org/CVE-2011-1720.html
http://seclists.org/bugtraq/2011/May/64

Solution :

Upgrade to Postfix 2.5.13 / 2.6.19 / 2.7.4 / 2.8.3 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SMTP problems

Nessus Plugin ID: 54584 ()

Bugtraq ID: 47778

CVE ID: CVE-2011-1720

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now