Vulnerability Details : CVE-2011-1720
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
Vulnerability category: Overflow, Memory Corruption, Execute code, Denial of service
Products affected by CVE-2011-1720
- cpe:2.3:a:postfix:postfix:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.16:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.17:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.15:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.18:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.3.19:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:postfix:postfix:2.8.1:*:*:*:*:*:*:*
Threat overview for CVE-2011-1720
Top open port discovered on systems with this issue: 22
IPs affected by CVE-2011-1720: 7
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2011-1720
EPSS score: 88.66% (probability of exploitation activity in the next 30 days)
Percentile: ~99% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2011-1720
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2011-1720
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1720
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html
  [security-announce] SUSE Security Announcement: postfix (SUSE-SA:2011:02
- http://www.ubuntu.com/usn/usn-1131-1
  USN-1131-1: Postfix vulnerability | Ubuntu security notices
- http://www.postfix.org/CVE-2011-1720.html
  Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720) [Vendor Advisory]
- http://www.postfix.org/announcements/postfix-2.8.3.html
  Postfix releases 2.8.3, 2.7.4, 2.6.10 and 2.5.13 [Vendor Advisory]
- http://www.securityfocus.com/archive/1/517917/100/0/threaded
  SecurityFocus
- http://securityreason.com/securityalert/8247
  Memory corruption in Postfix SMTP server Cyrus SASL - CXSecurity.com
- http://www.debian.org/security/2011/dsa-2233
  Debian -- Security Information -- DSA-2233-1 postfix
- http://www.mail-archive.com/postfix-announce@postfix.org/msg00007.html
  Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
  Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView
- http://www.kb.cert.org/vuls/id/727230
  VU#727230 - Postfix SMTP server Cyrus SASL support contains a memory corruption vulnerability [US Government Resource]
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:090
  mandriva.com
- http://www.securitytracker.com/id?1025521
  Postfix SASL Authentication Heap Overflow Lets Remote Users Deny Service - SecurityTracker
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67359
  Postfix Cyrus SASL library in the SMTP server code execution CVE-2011-1720 Vulnerability Report
- http://www.securityfocus.com/bid/47778
  Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability [Patch]
- http://security.gentoo.org/glsa/glsa-201206-33.xml
  Postfix: Multiple vulnerabilities (GLSA 201206-33) — Gentoo security
- https://bugzilla.redhat.com/show_bug.cgi?id=699035
  699035 – (CVE-2011-1720) CVE-2011-1720 postfix (smtpd): Crash due to improper management of SASL handlers for SMTP sessions