Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Postfix SMTP Server Cyrus SASL认证方法缓冲区溢出漏洞
Vulnerability Description
Postfix是Unix类操作系统中所使用的邮件传输代理。 Postfix 2.5.13之前版本,2.6.10之前的2.6.x版本,2.7.4之前的2.7.x版本和2.8.3之前的2.8.x版本的SMTP服务器中存在缓冲区溢出漏洞。当Cyrus SASL认证方法启用时,Postfix SMTP Server为每个SMTP会话创建了一个SASL句柄,在关闭SMTP连接前会一直使用此句柄。根据Cyrus SASL include源文件的注释,服务器在客户端验证失败后不应重新使用Cyrus SASL服务器,而应
CVSS Information
N/A
Vulnerability Type
N/A