A heap-based buffer over-read flaw was found in the way the Postfix mail transport agent managed SASL handlers for SMTP sessions when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to crash the Postfix smtpd server via a specially-crafted SASL authentication request.

Note: The default configuration of the Postfix mail transport agent, as shipped with Red Hat Enterprise Linux 4, 5, and 6, does not enable SASL support for SMTP authentication of mail clients, so Postfix server instances using the default configuration are not vulnerable to this flaw.

Workaround: If your Postfix server configuration contains a directive like:

smtpd_sasl_auth_enable = yes

change 'yes' to 'no', or comment the whole line out, to no longer be vulnerable to this flaw.
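The following script is an added example, not part of the Red Hat advisory: it implements the check implied by the workaround above against a saved copy of the server's configuration (for instance the output of `postconf -n`). It treats a host as exposed only when smtpd_sasl_auth_enable is "yes" and the SASL backend is Cyrus; the use of the smtpd_sasl_type parameter (which defaults to "cyrus" when unset, and which older Postfix releases do not have) is an assumption added here, since the advisory names only smtpd_sasl_auth_enable. The sample configuration files are constructed for the example and do not come from any real host.

```shell
#!/bin/sh
# Added example: flag Postfix configurations that match the exposure described
# in the advisory (smtpd SASL auth enabled with the Cyrus SASL backend).
# Input is a main.cf-style file or a saved "postconf -n" dump. Continuation
# lines and $variable expansion are not handled; feed it "postconf -n" output
# for an already-expanded view.

# get_param <file> <name>: value of the last uncommented assignment of <name>,
# trailing whitespace stripped and lowercased; empty if the parameter is absent.
get_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | tail -n 1 | tr 'A-Z' 'a-z'
}

# sasl_exposure <file>: prints "exposed" or "not-exposed".
sasl_exposure() {
    enable=$(get_param "$1" smtpd_sasl_auth_enable)
    type=$(get_param "$1" smtpd_sasl_type)
    # Assumption: an unset smtpd_sasl_type means the Postfix default, "cyrus".
    [ -n "$type" ] || type=cyrus
    if [ "$enable" = yes ] && [ "$type" = cyrus ]; then
        echo exposed
    else
        echo not-exposed
    fi
}

# Constructed sample configurations (not from any real host).
tmp=$(mktemp -d)
printf 'smtpd_sasl_auth_enable = yes\nsmtpd_sasl_path = smtpd\n' > "$tmp/cyrus-enabled.cf"
printf '#smtpd_sasl_auth_enable = yes\nsmtpd_sasl_auth_enable = no\n' > "$tmp/workaround-applied.cf"
printf 'smtpd_sasl_auth_enable = yes\nsmtpd_sasl_type = dovecot\n' > "$tmp/dovecot-backend.cf"
printf 'myhostname = mail.example.test\n' > "$tmp/default.cf"

for f in "$tmp"/*.cf; do
    printf '%s: %s\n' "$(basename "$f")" "$(sasl_exposure "$f")"
done
```

On a live host, `postconf -n > /tmp/main.dump` followed by `sasl_exposure /tmp/main.dump` gives the same answer for the effective configuration; the commented-out line in the second sample shows why the check ignores lines starting with `#`.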
This issue affects the versions of the postfix package as shipped with Red Hat Enterprise Linux 4, 5, and 6. -- This issue affects the versions of the postfix package as shipped with Fedora 13 and 14.
Public now via:
http://thread.gmane.org/gmane.mail.postfix.announce/127
http://www.postfix.org/CVE-2011-1720.html (to be available soon)
Acknowledgements: Red Hat would like to thank the CERT/CC for reporting CVE-2011-1720. Upstream acknowledges Thomas Jarosch of Intra2net AG as the original reporter.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:0843 https://rhn.redhat.com/errata/RHSA-2011-0843.html