CVE-2011-1720

Publication date 11 May 2011

Last updated 24 July 2024

Ubuntu priority

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
postfix	11.04 natty	Fixed 2.8.2-1ubuntu2.1
	10.10 maverick	Fixed 2.7.1-1ubuntu0.2
	10.04 LTS lucid	Fixed 2.7.0-1ubuntu0.2
	8.04 LTS hardy	Fixed 2.5.1-2ubuntu1.4
	6.06 LTS dapper	Fixed 2.2.10-1ubuntu0.4

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1131-1
Postfix vulnerability
11 May 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-1720