VDB
DEBIAN-CVE-2011-1720
DEBIAN-CVE-2011-1720
PUBLISHED
CVSS 9.300000190734863 CRITICAL
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | postfix | 0, 0, 0 |
| Debian:14 | postfix | 0, 0, 0 |
| Debian:12 | postfix | 0, 0, 0 |
| Debian:11 | postfix | 0, 0, 0 |
Timeline
- May 13, 2011 CVE Published
- May 19, 2011 PoC Published
- Dec 11, 2017 PoC Published
- Apr 28, 2026 CVE Updated