Scientific Linux Security Update : postfix on SL4.x, SL5.x i386/x86_64
Medium Nessus Plugin ID 61060
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS.
A heap-based buffer over-read flaw was found in the way Postfix managed SASL handlers for SMTP sessions when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to crash the Postfix smtpd server via a specially crafted SASL authentication request. The smtpd process was restarted automatically by the postfix master process once the time configured with service_throttle_time (60 seconds by default) had elapsed, so the practical impact is a short denial of service per crafted request rather than code execution. (CVE-2011-1720)
Note: Cyrus SASL authentication for Postfix is not enabled by default.
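To tell whether a host actually exposes the affected code path, check the two Postfix parameters that gate it. The shell helper below is an added example, not part of this Nessus plugin or of Postfix itself: it reads main.cf style "name = value" text (for example the output of `postconf -n`) and applies the Postfix defaults, which are assumed here as smtpd_sasl_auth_enable = no and smtpd_sasl_type = cyrus (the latter parameter only exists from Postfix 2.3; the 2.2 series shipped on SL4 supports Cyrus SASL only). The function names and the sample configurations are constructed for illustration.

```shell
# Added triage helper; not part of this Nessus plugin or of Postfix itself.
# Decides whether the smtpd SASL code path affected by CVE-2011-1720 is
# reachable from a given Postfix configuration (main.cf or `postconf -n`
# output, as "name = value" lines). Assumed Postfix defaults:
# smtpd_sasl_auth_enable = no; smtpd_sasl_type = cyrus (Postfix 2.3+); on
# Postfix 2.2 (SL4) smtpd_sasl_type does not exist and only Cyrus is supported.
# Usage on a live host:  sasl_exposure "$(postconf -n)"

# postconf_value CONFIG_TEXT NAME
# Prints the value of parameter NAME (last definition wins), empty if unset.
# Comment lines never match because they do not start with the parameter name.
postconf_value() {
    printf '%s\n' "$1" |
        sed -n "/^[[:space:]]*$2[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*$//;p;}" |
        tail -n 1
}

# sasl_exposure CONFIG_TEXT
# Prints one of:
#   disabled       SMTP AUTH is off, the SASL handler code is never reached
#   other-sasl     SASL is on but backed by Dovecot or another non-Cyrus backend
#   cyrus-enabled  Cyrus SASL auth is on: the CVE-2011-1720 path is reachable
sasl_exposure() {
    enable=$(postconf_value "$1" smtpd_sasl_auth_enable)
    sasl_type=$(postconf_value "$1" smtpd_sasl_type)
    case "${enable:-no}" in          # default: no
        yes) ;;
        *) echo disabled; return ;;
    esac
    case "${sasl_type:-cyrus}" in    # default (and Postfix 2.2 only option): cyrus
        cyrus) echo cyrus-enabled ;;
        *) echo other-sasl ;;
    esac
}
```

Run it against `postconf -n` rather than a hand-read main.cf so that include files, overrides and defaults are resolved the way the daemon sees them; a result of cyrus-enabled on an unpatched SL4/SL5 host means any unauthenticated client that can reach port 25 or 587 can knock smtpd over for a service_throttle_time interval.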
Users of Postfix are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the postfix service will be restarted automatically.
Solution
Update the affected postfix, postfix-debuginfo and / or postfix-pflogsumm packages.