Memory corruption vulnerability in the Postfix SMTP server

http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001628.html

The Postfix SMTP server contains a memory corruption vulnerability.

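The Postfix SMTP server has a flaw in its authentication processing that uses the Cyrus SASL library, which results in a memory corruption vulnerability.
The problem occurs when the Cyrus SASL library is used with an authentication method other than PLAIN or LOGIN.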

The developer has published the following vulnerability information.

"The Postfix SMTP server fails to create a new Cyrus SASL server handle after authentication failure. This causes memory corruption when, for example, a client requests CRAM-MD5 authentication, fails to authenticate, and then invokes some other authentication mechanism except PLAIN (or ANONYMOUS if available). The likely outcome is that the Postfix SMTP server process crashes with a segmentation violation error (SIGSEGV, a.k.a. signal 11)."
...
"The memory corruption is known to result in a program crash (SIGSEGV). Remote code execution cannot be excluded. Such code would execute as the unprivileged "postfix" user. This user has no control over processes that run with non-postfix privileges including Postfix processes running as root; the impact may be reduced with configurations that enable the Postfix chroot feature or that use platform-dependent privilege-reducing features."

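An exposure check for the condition described above, added here as an example (it is not code from JVN or from the Postfix developers): it reads `postconf -n` output and an EHLO reply and lists the advertised mechanisms other than PLAIN and LOGIN when Cyrus SASL authentication is enabled. The sample inputs are constructed, and it assumes the Postfix defaults `smtpd_sasl_auth_enable = no` and `smtpd_sasl_type = cyrus` for settings that `postconf -n` does not print.

```python
import re

# Mechanisms the advisory text names as not triggering the problem.
UNAFFECTED = {"PLAIN", "LOGIN"}

# Constructed sample inputs (not taken from a real server).
SAMPLE_POSTCONF = """\
myhostname = mail.example.test
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
"""
SAMPLE_EHLO = """\
250-mail.example.test
250-PIPELINING
250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN LOGIN
250-AUTH=CRAM-MD5 DIGEST-MD5 PLAIN LOGIN
250 8BITMIME
"""

def parse_postconf(text):
    """Parse `postconf -n` style 'name = value' lines into a dict."""
    conf = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            conf[name.strip()] = value.strip()
    return conf

def advertised_mechs(ehlo_reply):
    """Collect SASL mechanisms from 'AUTH ...' and legacy 'AUTH=...' lines."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)", line.strip(), re.I)
        if m:
            mechs.update(tok.upper() for tok in m.group(1).split())
    return mechs

def exposed_mechs(postconf_text, ehlo_reply):
    """Return advertised mechanisms outside PLAIN/LOGIN on a Cyrus SASL smtpd."""
    conf = parse_postconf(postconf_text)
    if conf.get("smtpd_sasl_auth_enable", "no").lower() != "yes":
        return []          # SASL authentication is off in main.cf
    if conf.get("smtpd_sasl_type", "cyrus").lower() != "cyrus":
        return []          # another SASL backend is in use
    return sorted(advertised_mechs(ehlo_reply) - UNAFFECTED)

if __name__ == "__main__":
    print(exposed_mechs(SAMPLE_POSTCONF, SAMPLE_EHLO))
```

The check reads only `main.cf`-level settings; per-service `-o` overrides in `master.cf` are not covered by `postconf -n` and need a separate look.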
