CVE-2011-1720

N/A Unknown

Published: May 13, 2011 Modified: April 29, 2026

Description

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html

Source: cve@mitre.org

http://secunia.com/advisories/44500

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201206-33.xml

Source: cve@mitre.org

http://securityreason.com/securityalert/8247

Source: cve@mitre.org

http://www.debian.org/security/2011/dsa-2233

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/727230

Source: cve@mitre.org

US Government Resource

http://www.mail-archive.com/postfix-announce%40postfix.org/msg00007.html

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:090

Source: cve@mitre.org

http://www.osvdb.org/72259

Source: cve@mitre.org

http://www.postfix.org/CVE-2011-1720.html

Source: cve@mitre.org

Vendor Advisory

http://www.postfix.org/announcements/postfix-2.8.3.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/517917/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/47778

Source: cve@mitre.org

Patch

http://www.securitytracker.com/id?1025521

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-1131-1

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=699035

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/67359

Source: cve@mitre.org

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/44500

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201206-33.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/8247

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2011/dsa-2233

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/727230

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.mail-archive.com/postfix-announce%40postfix.org/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:090

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/72259

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postfix.org/CVE-2011-1720.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.postfix.org/announcements/postfix-2.8.3.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/517917/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/47778

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securitytracker.com/id?1025521

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-1131-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=699035

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/67359

Source: af854a3a-2127-422b-91ae-364da2661108

36 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

21.6%

97th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-119

Affected Vendors

postfix

Related CVEs

CVE-2026-9699 6.8

CVE-2026-57667 8.5

CVE-2026-57665 5.3

CVE-2026-57664 4.3

CVE-2026-57663 8.5