Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: Memory corruption in Postfix SMTP server Cyrus SASL support
Posted: Mon May 23, 2011 4:13 am
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
http://kb.parallels.com/en/111296 says:

Quote:
Postfix is prone to a memory-corruption vulnerability that affects the SMTP server when Cyrus SASL support is enabled.


If you're using Postfix with Plesk then Cyrus SASL support gets enabled.

According to https://bugzilla.redhat.com/show_bug.cgi?id=699035 EL4-6 are also affected, but an update that fixes this is not available yet.

More links:

http://www.postfix.org/CVE-2011-1720.html
http://thread.gmane.org/gmane.mail.postfix.announce/127

_________________
Lemonbit Internet Dedicated Server Management


 Post subject: Re: Memory corruption in Postfix SMTP server Cyrus SASL supp
Posted: Mon May 23, 2011 3:38 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3245
Location: Chantilly, VA
Thanks for alerting everyone. So I've been talking to the kernel guys about this, and the ASL kernel should protect you from this being exploitable (it may not even be exploitable).

Also, if postfix is chrooted (it is in some environments) then all the chroot-related options will help to contain any potential compromise as well if you were not running an ASL kernel (again, with an ASL kernel this is not likely to be exploitable, if it even is, anyway). Not sure if that's the case with Plesk though.

As always, though, we recommend you patch your systems; this is a bug too and it may affect reliability of the software. And defense in depth is a good idea, so even though the kernel may protect you, we still recommend you patch to protect reliability and to give you more defense in depth.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 Post subject: Re: Memory corruption in Postfix SMTP server Cyrus SASL supp
Posted: Tue May 31, 2011 6:26 pm
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
An update for RHEL/CentOS which fixes this is available: https://rhn.redhat.com/errata/RHSA-2011-0843.html

_________________
Lemonbit Internet Dedicated Server Management

