6.8 - USN-1131-1

Executive Summary

Summary
Title	Postfix vulnerability

Informations
Name	USN-1131-1	First vendor Publication	2011-05-11
Vendor	Ubuntu	Last vendor Modification	2011-05-11
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS - Ubuntu 6.06 LTS

Summary:

An attacker could send crafted input to Postfix and cause it to crash or run programs.

Software Description: - postfix: High-performance mail transport agent

Details:

Thomas Jarosch discovered that Postfix incorrectly handled authentication mechanisms other than PLAIN and LOGIN when the Cyrus SASL library is used. A remote attacker could use this to cause Postfix to crash, leading to a denial of service, or possibly execute arbitrary code as the postfix user.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04:
postfix 2.8.2-1ubuntu2.1

Ubuntu 10.10:
postfix 2.7.1-1ubuntu0.2

Ubuntu 10.04 LTS:
postfix 2.7.0-1ubuntu0.2

Ubuntu 8.04 LTS:
postfix 2.5.1-2ubuntu1.4

Ubuntu 6.06 LTS:
postfix 2.2.10-1ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
CVE-2011-1720

Package Information:
https://launchpad.net/ubuntu/+source/postfix/2.8.2-1ubuntu2.1
https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.2
https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.2
https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.4
https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.4

Original Source

Url : http://www.ubuntu.com/usn/USN-1131-1

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13019

Oval ID:	oval:org.mitre.oval:def:13019
Title:	DSA-2233-1 postfix -- several
Description:	Several vulnerabilities were discovered in Postfix, a mail transfer agent. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2939 The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files. CVE-2011-0411 The STARTTLS implementation does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place. CVE-2011-1720 A heap-based read-only buffer overflow allows malicious clients to crash the smtpd server process using a crafted SASL authentication request.
Family:	unix	Class:	patch
Reference(s):	DSA-2233-1 CVE-2009-2939 CVE-2011-0411 CVE-2011-1720	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	postfix
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND postfix DPKG is earlier than 2.5.5-1.1+lenny1 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND Installed architecture is all AND postfix DPKG is earlier than 2.7.1-1+squeeze1

Definition Id: oval:org.mitre.oval:def:13968

Oval ID:	oval:org.mitre.oval:def:13968
Title:	USN-1131-1 -- postfix vulnerability
Description:	postfix: High-performance mail transport agent An attacker could send crafted input to Postfix and cause it to crash or run programs.
Family:	unix	Class:	patch
Reference(s):	USN-1131-1 CVE-2011-1720	Version:	5
Platform(s):	Ubuntu 8.04 Ubuntu 10.10 Ubuntu 6.06 Ubuntu 10.04	Product(s):	postfix
Definition Synopsis:
Release section Ubuntu 8.04 is installed AND Installed architecture is all AND postfix DPKG is earlier than 2.5.1-2ubuntu1.4 OR Release section Ubuntu 10.10 is installed AND Installed architecture is all AND postfix DPKG is earlier than 2.7.1-1ubuntu0.2 OR Release section Ubuntu 6.06 is installed AND Installed architecture is all AND postfix DPKG is earlier than 2.2.10-1ubuntu0.4 OR Release section Ubuntu 10.04 is installed AND Installed architecture is all AND postfix DPKG is earlier than 2.7.0-1ubuntu0.2

Definition Id: oval:org.mitre.oval:def:21899

Oval ID:	oval:org.mitre.oval:def:21899
Title:	RHSA-2011:0843: postfix security update (Moderate)
Description:	The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:0843-01 CVE-2011-1720 CESA-2011:0843-CentOS 5	Version:	6
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	postfix
Definition Synopsis:
Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section postfix is earlier than 2:2.3.3-2.3.el5_6 AND postfix-pflogsumm is earlier than 2:2.3.3-2.3.el5_6 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages match section postfix is earlier than 2:2.6.6-2.2.el6_1 AND postfix-debuginfo is earlier than 2:2.6.6-2.2.el6_1 AND postfix-perl-scripts is earlier than 2:2.6.6-2.2.el6_1

Definition Id: oval:org.mitre.oval:def:23665

Oval ID:	oval:org.mitre.oval:def:23665
Title:	ELSA-2011:0843: postfix security update (Moderate)
Description:	The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:0843-01 CVE-2011-1720	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	postfix
Definition Synopsis:
Oracle Linux 6.x rpm test postfix-perl-scripts is earlier than 2:2.6.6-2.2.el6_1 AND postfix is earlier than 2:2.6.6-2.2.el6_1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Postfix cpe:2.3:a:postfix:postfix:2.8.2:::::::* cpe:2.3:a:postfix:postfix:2.8.1:::::::* cpe:2.3:a:postfix:postfix:2.8.0:::::::* cpe:2.3:a:postfix:postfix:2.7.3:::::::* cpe:2.3:a:postfix:postfix:2.7.2:::::::* cpe:2.3:a:postfix:postfix:2.7.1:::::::* cpe:2.3:a:postfix:postfix:2.7.0:::::::* cpe:2.3:a:postfix:postfix:2.6.9:::::::* cpe:2.3:a:postfix:postfix:2.6.8:::::::* cpe:2.3:a:postfix:postfix:2.6.7:::::::* cpe:2.3:a:postfix:postfix:2.6.6:::::::* cpe:2.3:a:postfix:postfix:2.6.5:::::::* cpe:2.3:a:postfix:postfix:2.6.4:::::::* cpe:2.3:a:postfix:postfix:2.6.3:::::::* cpe:2.3:a:postfix:postfix:2.6.2:::::::* cpe:2.3:a:postfix:postfix:2.6.1:::::::* cpe:2.3:a:postfix:postfix:2.6.0:::::::* cpe:2.3:a:postfix:postfix:2.6:::::::* cpe:2.3:a:postfix:postfix:2.5.9:::::::* cpe:2.3:a:postfix:postfix:2.5.8:::::::* cpe:2.3:a:postfix:postfix:2.5.7:::::::* cpe:2.3:a:postfix:postfix:2.5.6:::::::* cpe:2.3:a:postfix:postfix:2.5.5:::::::* cpe:2.3:a:postfix:postfix:2.5.4:::::::* cpe:2.3:a:postfix:postfix:2.5.3:::::::* cpe:2.3:a:postfix:postfix:2.5.2:::::::* cpe:2.3:a:postfix:postfix:2.5.12:::::::* cpe:2.3:a:postfix:postfix:2.5.11:::::::* cpe:2.3:a:postfix:postfix:2.5.10:::::::* cpe:2.3:a:postfix:postfix:2.5.1:::::::* cpe:2.3:a:postfix:postfix:2.5.0:::::::* cpe:2.3:a:postfix:postfix:2.4.9:::::::* cpe:2.3:a:postfix:postfix:2.4.8:::::::* cpe:2.3:a:postfix:postfix:2.4.7:::::::* cpe:2.3:a:postfix:postfix:2.4.6:::::::* cpe:2.3:a:postfix:postfix:2.4.5:::::::* cpe:2.3:a:postfix:postfix:2.4.4:::::::* cpe:2.3:a:postfix:postfix:2.4.3:::::::* cpe:2.3:a:postfix:postfix:2.4.2:::::::* cpe:2.3:a:postfix:postfix:2.4.15:::::::* cpe:2.3:a:postfix:postfix:2.4.14:::::::* cpe:2.3:a:postfix:postfix:2.4.13:::::::* cpe:2.3:a:postfix:postfix:2.4.12:::::::* cpe:2.3:a:postfix:postfix:2.4.11:::::::* cpe:2.3:a:postfix:postfix:2.4.10:::::::* cpe:2.3:a:postfix:postfix:2.4.1:::::::* cpe:2.3:a:postfix:postfix:2.4.0:::::::* cpe:2.3:a:postfix:postfix:2.4:::::::* cpe:2.3:a:postfix:postfix:2.3.9:::::::* cpe:2.3:a:postfix:postfix:2.3.8:::::::* cpe:2.3:a:postfix:postfix:2.3.7:::::::* cpe:2.3:a:postfix:postfix:2.3.6:::::::* cpe:2.3:a:postfix:postfix:2.3.5:::::::* cpe:2.3:a:postfix:postfix:2.3.4:::::::* cpe:2.3:a:postfix:postfix:2.3.3:::::::* cpe:2.3:a:postfix:postfix:2.3.2:::::::* cpe:2.3:a:postfix:postfix:2.3.19:::::::* cpe:2.3:a:postfix:postfix:2.3.18:::::::* cpe:2.3:a:postfix:postfix:2.3.17:::::::* cpe:2.3:a:postfix:postfix:2.3.16:::::::* cpe:2.3:a:postfix:postfix:2.3.15:::::::* cpe:2.3:a:postfix:postfix:2.3.14:::::::* cpe:2.3:a:postfix:postfix:2.3.13:::::::* cpe:2.3:a:postfix:postfix:2.3.12:::::::* cpe:2.3:a:postfix:postfix:2.3.11:::::::* cpe:2.3:a:postfix:postfix:2.3.10:::::::* cpe:2.3:a:postfix:postfix:2.3.1:::::::* cpe:2.3:a:postfix:postfix:2.3.0:::::::* cpe:2.3:a:postfix:postfix:2.3:::::::* cpe:2.3:a:postfix:postfix:2.2.9:::::::* cpe:2.3:a:postfix:postfix:2.2.8:::::::* cpe:2.3:a:postfix:postfix:2.2.7:::::::* cpe:2.3:a:postfix:postfix:2.2.6:::::::* cpe:2.3:a:postfix:postfix:2.2.5:::::::* cpe:2.3:a:postfix:postfix:2.2.4:::::::* cpe:2.3:a:postfix:postfix:2.2.3:::::::* cpe:2.3:a:postfix:postfix:2.2.2:::::::* cpe:2.3:a:postfix:postfix:2.2.12:::::::* cpe:2.3:a:postfix:postfix:2.2.11:::::::* cpe:2.3:a:postfix:postfix:2.2.10:::::::* cpe:2.3:a:postfix:postfix:2.2.1:::::::* cpe:2.3:a:postfix:postfix:2.2.0:::::::* cpe:2.3:a:postfix:postfix:2.1.6:::::::* cpe:2.3:a:postfix:postfix:2.1.5:::::::* cpe:2.3:a:postfix:postfix:2.1.4:::::::* cpe:2.3:a:postfix:postfix:2.1.3:::::::* cpe:2.3:a:postfix:postfix:2.1.2:::::::* cpe:2.3:a:postfix:postfix:2.1.1:::::::* cpe:2.3:a:postfix:postfix:2.1.0:::::::* cpe:2.3:a:postfix:postfix:2.0.9:::::::* cpe:2.3:a:postfix:postfix:2.0.8:::::::* cpe:2.3:a:postfix:postfix:2.0.7:::::::* cpe:2.3:a:postfix:postfix:2.0.6:::::::* cpe:2.3:a:postfix:postfix:2.0.5:::::::* cpe:2.3:a:postfix:postfix:2.0.4:::::::* cpe:2.3:a:postfix:postfix:2.0.3:::::::* cpe:2.3:a:postfix:postfix:2.0.2:::::::* cpe:2.3:a:postfix:postfix:2.0.19:::::::* cpe:2.3:a:postfix:postfix:2.0.18:::::::* cpe:2.3:a:postfix:postfix:2.0.17:::::::* cpe:2.3:a:postfix:postfix:2.0.16:::::::* cpe:2.3:a:postfix:postfix:2.0.15:::::::* cpe:2.3:a:postfix:postfix:2.0.14:::::::* cpe:2.3:a:postfix:postfix:2.0.13:::::::* cpe:2.3:a:postfix:postfix:2.0.12:::::::* cpe:2.3:a:postfix:postfix:2.0.11:::::::* cpe:2.3:a:postfix:postfix:2.0.10:::::::* cpe:2.3:a:postfix:postfix:2.0.1:::::::* cpe:2.3:a:postfix:postfix:2.0.0:::::::*	109

OpenVAS Exploits

Date	Description
2012-08-10	Name : Gentoo Security Advisory GLSA 201206-33 (Postfix) File : nvt/glsa_201206_33.nasl
2012-07-30	Name : CentOS Update for postfix CESA-2011:0843 centos4 x86_64 File : nvt/gb_CESA-2011_0843_postfix_centos4_x86_64.nasl
2012-07-30	Name : CentOS Update for postfix CESA-2011:0843 centos5 x86_64 File : nvt/gb_CESA-2011_0843_postfix_centos5_x86_64.nasl
2011-08-09	Name : CentOS Update for postfix CESA-2011:0843 centos5 i386 File : nvt/gb_CESA-2011_0843_postfix_centos5_i386.nasl
2011-08-03	Name : Debian Security Advisory DSA 2233-1 (postfix) File : nvt/deb_2233_1.nasl
2011-08-03	Name : FreeBSD Ports: postfix, postfix-base File : nvt/freebsd_postfix0.nasl
2011-06-06	Name : CentOS Update for postfix CESA-2011:0843 centos4 i386 File : nvt/gb_CESA-2011_0843_postfix_centos4_i386.nasl
2011-06-06	Name : RedHat Update for postfix RHSA-2011:0843-01 File : nvt/gb_RHSA-2011_0843-01_postfix.nasl
2011-05-26	Name : Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability File : nvt/secpod_postfix_cyrus_sasl_memory_corruption_vuln.nasl
2011-05-23	Name : Fedora Update for postfix FEDORA-2011-6771 File : nvt/gb_fedora_2011_6771_postfix_fc14.nasl
2011-05-23	Name : Fedora Update for postfix FEDORA-2011-6777 File : nvt/gb_fedora_2011_6777_postfix_fc13.nasl
2011-05-23	Name : Mandriva Update for postfix MDVSA-2011:090 (postfix) File : nvt/gb_mandriva_MDVSA_2011_090.nasl
2011-05-17	Name : Ubuntu Update for postfix USN-1131-1 File : nvt/gb_ubuntu_USN_1131_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
72259	Postfix SMTP Cyrus SASL Authentication Context Data Reuse Memory Corruption A memory corruption flaw exists in Postfix. The Cyrus SASL library fails to sanitize user-supplied input when authentication types other than PLAIN and LOGIN are used resulting in memory corruption. With a specially crafted request, a remote attacker can potentially execute arbitrary code.

Snort® IPS/IDS

Date	Description
2014-01-10	Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption RuleID : 19708 - Revision : 12 - Type : SERVER-MAIL

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_postfix-110510.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_postfix-110510.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0843.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110531_postfix_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-06-26	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-33.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_postfix-7502.nasl - Type : ACT_GATHER_INFO
2011-06-13	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1131-1.nasl - Type : ACT_GATHER_INFO
2011-06-02	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0843.nasl - Type : ACT_GATHER_INFO
2011-06-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0843.nasl - Type : ACT_GATHER_INFO
2011-05-19	Name : The remote mail server is affected by a memory corruption vulnerability. File : postfix_memory_corruption_exploit.nasl - Type : ACT_ATTACK
2011-05-19	Name : The remote mail server is potentially affected by a memory corruption vulnera... File : postfix_memory_corruption.nasl - Type : ACT_GATHER_INFO
2011-05-19	Name : The remote Fedora host is missing a security update. File : fedora_2011-6784.nasl - Type : ACT_GATHER_INFO
2011-05-18	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-090.nasl - Type : ACT_GATHER_INFO
2011-05-18	Name : The remote Fedora host is missing a security update. File : fedora_2011-6777.nasl - Type : ACT_GATHER_INFO
2011-05-18	Name : The remote Fedora host is missing a security update. File : fedora_2011-6771.nasl - Type : ACT_GATHER_INFO
2011-05-12	Name : The remote openSUSE host is missing a security update. File : suse_11_2_postfix-110510.nasl - Type : ACT_GATHER_INFO
2011-05-11	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12707.nasl - Type : ACT_GATHER_INFO
2011-05-11	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2233.nasl - Type : ACT_GATHER_INFO
2011-05-10	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3eb2c100738b11e089f4001e90d46635.nasl - Type : ACT_GATHER_INFO
2011-05-10	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_postfix-110504.nasl - Type : ACT_GATHER_INFO
2011-05-10	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_postfix-7503.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:58:36	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	4
CPE ID(s)	109
osvdb(s)	1
Openvas Exploit(s)	13
Snort® Rule(s)	1
Nessus® Exploit(s)	21

	Related
6.8	CVE-2011-1720
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

6.8 - USN-1131-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU