CVE-2011-1720

Priority
Medium
Description
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before
2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication
methods are enabled, does not create a new server handle after client
authentication fails, which allows remote attackers to cause a denial of
service (heap memory corruption and daemon crash) or possibly execute
arbitrary code via an invalid AUTH command with one method followed by an
AUTH command with a different method.
References
Package
Upstream:released (2.8.3)
More Information

Updated: 2018-06-26 04:40:47 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)