The SMTP server in Postfix prior to 2.5.13, 2.6.x prior to 2.6.10, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote malicious users to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
postfix postfix 2.3.16 |
||
postfix postfix 2.3.18 |
||
postfix postfix 2.0.10 |
||
postfix postfix 2.4.10 |
||
postfix postfix 2.5.0 |
||
postfix postfix 2.4 |
||
postfix postfix 2.3.11 |
||
postfix postfix 2.0.14 |
||
postfix postfix 2.0.17 |
||
postfix postfix 2.2.7 |
||
postfix postfix 2.0.16 |
||
postfix postfix 2.3.6 |
||
postfix postfix 2.1.5 |
||
postfix postfix 2.5.9 |
||
postfix postfix 2.3.0 |
||
postfix postfix 2.0.6 |
||
postfix postfix 2.2.4 |
||
postfix postfix 2.0.15 |
||
postfix postfix 2.5.2 |
||
postfix postfix 2.4.15 |
||
postfix postfix 2.5.12 |
||
postfix postfix 2.4.0 |
||
postfix postfix 2.3.12 |
||
postfix postfix 2.3.10 |
||
postfix postfix 2.5.7 |
||
postfix postfix 2.5.8 |
||
postfix postfix 2.4.5 |
||
postfix postfix 2.1.4 |
||
postfix postfix 2.3.9 |
||
postfix postfix 2.3.2 |
||
postfix postfix 2.2.11 |
||
postfix postfix 2.3 |
||
postfix postfix 2.2.5 |
||
postfix postfix 2.3.7 |
||
postfix postfix 2.1.1 |
||
postfix postfix 2.3.14 |
||
postfix postfix 2.4.8 |
||
postfix postfix 2.4.12 |
||
postfix postfix 2.1.2 |
||
postfix postfix 2.4.3 |
||
postfix postfix 2.5.3 |
||
postfix postfix 2.2.3 |
||
postfix postfix 2.0.9 |
||
postfix postfix 2.0.4 |
||
postfix postfix 2.3.17 |
||
postfix postfix 2.5.10 |
||
postfix postfix 2.2.2 |
||
postfix postfix 2.0.0 |
||
postfix postfix 2.0.2 |
||
postfix postfix 2.0.11 |
||
postfix postfix 2.2.8 |
||
postfix postfix 2.4.11 |
||
postfix postfix 2.2.10 |
||
postfix postfix 2.3.19 |
||
postfix postfix 2.3.15 |
||
postfix postfix 2.4.7 |
||
postfix postfix 2.4.2 |
||
postfix postfix 2.0.1 |
||
postfix postfix 2.2.1 |
||
postfix postfix 2.0.12 |
||
postfix postfix 2.5.4 |
||
postfix postfix 2.5.11 |
||
postfix postfix 2.3.4 |
||
postfix postfix 2.4.9 |
||
postfix postfix 2.0.5 |
||
postfix postfix 2.3.3 |
||
postfix postfix 2.0.18 |
||
postfix postfix 2.0.13 |
||
postfix postfix 2.2.12 |
||
postfix postfix 2.3.1 |
||
postfix postfix 2.5.1 |
||
postfix postfix 2.0.3 |
||
postfix postfix 2.4.13 |
||
postfix postfix 2.0.7 |
||
postfix postfix 2.1.0 |
||
postfix postfix 2.3.8 |
||
postfix postfix 2.1.6 |
||
postfix postfix 2.4.14 |
||
postfix postfix 2.0.8 |
||
postfix postfix 2.3.5 |
||
postfix postfix 2.1.3 |
||
postfix postfix 2.5.5 |
||
postfix postfix 2.4.1 |
||
postfix postfix 2.0.19 |
||
postfix postfix 2.2.0 |
||
postfix postfix 2.4.6 |
||
postfix postfix 2.4.4 |
||
postfix postfix 2.2.6 |
||
postfix postfix 2.2.9 |
||
postfix postfix 2.5.6 |
||
postfix postfix 2.3.13 |
||
postfix postfix 2.6.9 |
||
postfix postfix 2.6.6 |
||
postfix postfix 2.6.3 |
||
postfix postfix 2.6.1 |
||
postfix postfix 2.6.7 |
||
postfix postfix 2.6.0 |
||
postfix postfix 2.6 |
||
postfix postfix 2.6.4 |
||
postfix postfix 2.6.5 |
||
postfix postfix 2.6.2 |
||
postfix postfix 2.6.8 |
||
postfix postfix 2.7.2 |
||
postfix postfix 2.7.0 |
||
postfix postfix 2.7.1 |
||
postfix postfix 2.7.3 |
||
postfix postfix 2.8.0 |
||
postfix postfix 2.8.1 |
||
postfix postfix 2.8.2 |
Vulmon