- Vulnerability/
- RHSA-2011:0843
RHSA-2011:0843: Moderate: postfix security update
First published: Tue May 31 2011(Updated: )
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),<br>and TLS.<br>A heap-based buffer over-read flaw was found in the way Postfix performed<br>SASL handlers management for SMTP sessions, when Cyrus SASL authentication<br>was enabled. A remote attacker could use this flaw to cause the Postfix<br>smtpd server to crash via a specially-crafted SASL authentication request.<br>The smtpd process was automatically restarted by the postfix master process<br>after the time configured with service_throttle_time elapsed.<br>(CVE-2011-1720)<br>Note: Cyrus SASL authentication for Postfix is not enabled by default.<br>Red Hat would like to thank the CERT/CC for reporting this issue. Upstream<br>acknowledges Thomas Jarosch of Intra2net AG as the original reporter.<br>Users of Postfix are advised to upgrade to these updated packages, which<br>contain a backported patch to resolve this issue. After installing this<br>update, the postfix service will be restarted automatically.<br>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/postfix | <2.6.6-2.2.el6_1 | 2.6.6-2.2.el6_1 |
| redhat/postfix | <2.6.6-2.2.el6_1 | 2.6.6-2.2.el6_1 |
| redhat/postfix-debuginfo | <2.6.6-2.2.el6_1 | 2.6.6-2.2.el6_1 |
| redhat/postfix-perl-scripts | <2.6.6-2.2.el6_1 | 2.6.6-2.2.el6_1 |
| redhat/postfix-debuginfo | <2.6.6-2.2.el6_1 | 2.6.6-2.2.el6_1 |
| redhat/postfix-perl-scripts | <2.6.6-2.2.el6_1 | 2.6.6-2.2.el6_1 |
| redhat/postfix | <2.3.3-2.3.el5_6 | 2.3.3-2.3.el5_6 |
| redhat/postfix | <2.3.3-2.3.el5_6 | 2.3.3-2.3.el5_6 |
| redhat/postfix-pflogsumm | <2.3.3-2.3.el5_6 | 2.3.3-2.3.el5_6 |
| redhat/postfix-pflogsumm | <2.3.3-2.3.el5_6 | 2.3.3-2.3.el5_6 |
| redhat/postfix | <2.2.10-1.5.el4 | 2.2.10-1.5.el4 |
| redhat/postfix | <2.2.10-1.5.el4 | 2.2.10-1.5.el4 |
| redhat/postfix-pflogsumm | <2.2.10-1.5.el4 | 2.2.10-1.5.el4 |
| redhat/postfix-pflogsumm | <2.2.10-1.5.el4 | 2.2.10-1.5.el4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2011:0843?
The severity of RHSA-2011:0843 is classified as moderate.
How do I fix RHSA-2011:0843?
To fix RHSA-2011:0843, upgrade Postfix and its related packages to version 2.6.6-2.2.el6_1 or the specified remedial versions.
Which versions of Postfix are affected by RHSA-2011:0843?
The affected versions of Postfix in RHSA-2011:0843 include 2.6.6 and 2.3.3 and earlier versions.
What type of vulnerability is cited in RHSA-2011:0843?
RHSA-2011:0843 describes a heap-based buffer over-read flaw in Postfix when using Cyrus SASL authentication.
Can RHSA-2011:0843 be exploited remotely?
Yes, a remote attacker could potentially exploit the vulnerability outlined in RHSA-2011:0843 if SASL authentication is enabled.
- collector/redhat-errata
- anchor-id/RHSA-2011:0843
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- package-manager/redhat