Detections
Analytics
Mandriva Linux Security Advisory : postfix (MDVSA-2011:090)
medium Nessus Plugin ID 54298
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
A vulnerability has been found and corrected in postfix :The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method (CVE-2011-1720).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490
The updated packages have been patched to correct this issue.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 54298
File Name: mandriva_MDVSA-2011-090.nasl
Version: 1.10
Type: local
Family: Mandriva Local Security Checks
Published: 5/18/2011
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:postfix-pcre, p-cpe:/a:mandriva:linux:postfix-mysql, p-cpe:/a:mandriva:linux:postfix-ldap, p-cpe:/a:mandriva:linux:postfix, cpe:/o:mandriva:linux:2010.1, p-cpe:/a:mandriva:linux:libpostfix1, p-cpe:/a:mandriva:linux:postfix-cdb, p-cpe:/a:mandriva:linux:lib64postfix1, p-cpe:/a:mandriva:linux:postfix-pgsql, cpe:/o:mandriva:linux:2009.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 5/17/2011
Reference Information
CVE: CVE-2011-1720
BID: 47778
MDVSA: 2011:090