Summary
This host is running Postfix SMTP server and is prone to memory corruption vulnerability.
Impact
Successful exploitation could allow remote attackers to cause a denial of service or possibly execute arbitrary code.
Impact Level: Application
Solution
Upgrade to Postfix version 2.5.13, 2.6.10, 2.7.4, or 2.8.3 or later For updates refer to http://www.postfix.org/
Insight
The flaw is caused by a memory corruption error in the Cyrus SASL library when used with 'CRAM-MD5' or 'DIGEST-MD5' authentication mechanisms, which could allow remote attackers to crash an affected server or execute arbitrary code.
Affected
Postfix versions before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3
References
Severity
Classification
-
CVE CVE-2011-1720 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities