Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2011-1720
Description:The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
Test IDs:  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2011-1720
BugTraq ID: 47778
Bugtraq: 20110509 Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720) (Google Search)
CERT/CC vulnerability note: VU#727230
Debian Security Information: DSA-2233 (Google Search)
SuSE Security Announcement: SUSE-SA:2011:023 (Google Search)
XForce ISS Database: postfix-cyrus-sasl-code-exec(67359)

© 1998-2023 E-Soft Inc. All rights reserved.