VID | 18111 |
Severity | 30 |
Port | 25 |
Protocol | TCP |
Class | SMTP |
Detailed Description |
According to its banner, the version of the Postfix mail server listening on this port is earlier than 2.5.13, 2.6.19, 2.7.4, or 2.8.3. Such versions may be vulnerable to a memory corruption attack if they have Cyrus SASL enabled and are allowing authentication methods other than ANONYMOUS, LOGIN, and PLAIN. Code execution as the unprivileged postfix user may also be possible.
* References:
  http://www.postfix.org/CVE-2011-1720.html
  http://archives.neohapsis.com/archives/bugtraq/2011-05/0065.html
* Platforms Affected: Postfix 1.1.12 and earlier |
Recommendation |
Upgrade to the latest version of Postfix (2.5.13 / 2.6.19 / 2.7.4 / 2.8.3 or later), available from the Postfix Web site at http://www.postfix.org/ |
Related URL | CVE-2011-1720 (CVE) |
Related URL | 47778 (SecurityFocus) |
Related URL | (ISS) |