CVE-2011-1720 PoC — Postfix SMTP Server Cyrus SASL认证方法缓冲区溢出漏洞

Source

https://github.com/nbeguier/postfix_exploit

Associated Vulnerability

Title:Postfix SMTP Server Cyrus SASL认证方法缓冲区溢出漏洞 (CVE-2011-1720)
Description:Postfix是Unix类操作系统中所使用的邮件传输代理。 Postfix 2.5.13之前版本，2.6.10之前的2.6.x版本，2.7.4之前的2.7.x版本和2.8.3之前的2.8.x版本的SMTP服务器中存在缓冲区溢出漏洞。当Cyrus SASL认证方法启用时，Postfix SMTP Server为每个SMTP会话创建了一个SASL句柄，在关闭SMTP连接前会一直使用此句柄。根据Cyrus SASL include源文件的注释，服务器在客户端验证失败后不应重新使用Cyrus SASL服务器，而应

Description

Exploit of CVE-2011-1720.

Readme

# postfix_exploit

File Snapshot


 [4.0K]  /data/pocs/49c6a3c836a877a0dd4d1b71b6d19944e7a713d1
├── [  56]  postfix_gdb_attach.sh
├── [ 355]  postfix_launcher.sh
└── [  18]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!