CVE-2011-0411

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

References

http://secunia.com/advisories/43646

http://www.kb.cert.org/vuls/id/MORO-8ELH6Z

http://www.kb.cert.org/vuls/id/555316

http://www.securityfocus.com/bid/46767

http://www.vupen.com/english/advisories/2011/0611

http://www.osvdb.org/71021

http://securitytracker.com/id?1025179

http://www.postfix.org/CVE-2011-0411.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html

http://www.vupen.com/english/advisories/2011/0752

http://secunia.com/advisories/43874

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

http://www.vupen.com/english/advisories/2011/0891

http://www.redhat.com/support/errata/RHSA-2011-0423.html

http://www.debian.org/security/2011/dsa-2233

http://www.redhat.com/support/errata/RHSA-2011-0422.html

http://support.apple.com/kb/HT5002

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

http://security.gentoo.org/glsa/glsa-201206-33.xml

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

https://exchange.xforce.ibmcloud.com/vulnerabilities/65932

Details

Source: MITRE

Published: 2011-03-16

Updated: 2021-08-10

Type: CWE-264

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.9:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.14:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.15:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.10:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.12:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.11:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.13:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.5.8:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.5.9:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.5.6:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.5.7:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.5.4:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.5.10:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.5.11:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:postfix:postfix:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.6.8:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.6.6:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.6.7:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:postfix:postfix:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:postfix:postfix:2.7.2:*:*:*:*:*:*:*

Tenable Plugins

View all (43 total)

IDNameProductFamilySeverity
76000openSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)NessusSuSE Local Security Checks
medium
75996openSUSE Security Update : postfix (openSUSE-SU-2011:0389-1)NessusSuSE Local Security Checks
medium
75716openSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)NessusSuSE Local Security Checks
medium
75710openSUSE Security Update : postfix (openSUSE-SU-2011:0389-1)NessusSuSE Local Security Checks
medium
68289Oracle Linux 4 / 5 / 6 : cyrus-imapd (ELSA-2011-0859)NessusOracle Linux Local Security Checks
medium
68249Oracle Linux 6 : postfix (ELSA-2011-0423)NessusOracle Linux Local Security Checks
medium
68248Oracle Linux 4 / 5 : postfix (ELSA-2011-0422)NessusOracle Linux Local Security Checks
medium
61676FreeBSD : inn -- plaintext command injection into encrypted channel (a7975581-ee26-11e1-8bd8-0022156e8794)NessusFreeBSD Local Security Checks
medium
61011Scientific Linux Security Update : postfix on SL6.x i386/x86_64NessusScientific Linux Local Security Checks
medium
61010Scientific Linux Security Update : postfix on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
59706GLSA-201206-33 : Postfix: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
57246SuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7480)NessusSuSE Local Security Checks
medium
57242SuSE 10 Security Update : Postfix (ZYPP Patch Number 7403)NessusSuSE Local Security Checks
medium
56481Mac OS X Multiple Vulnerabilities (Security Update 2011-006)NessusMacOS X Local Security Checks
critical
55071Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : postfix vulnerabilities (USN-1113-1)NessusUbuntu Local Security Checks
medium
55013RHEL 4 / 5 / 6 : cyrus-imapd (RHSA-2011:0859)NessusRed Hat Local Security Checks
medium
55000CentOS 4 / 5 : cyrus-imapd (CESA-2011:0859)NessusCentOS Local Security Checks
medium
54830SuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7466)NessusSuSE Local Security Checks
medium
54828SuSE 11.1 Security Update : pure-ftpd (SAT Patch Number 4360)NessusSuSE Local Security Checks
medium
53888openSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)NessusSuSE Local Security Checks
medium
53868SuSE9 Security Update : Postfix (YOU Patch Number 12707)NessusSuSE Local Security Checks
medium
53860Debian DSA-2233-1 : postfix - several vulnerabilitiesNessusDebian Local Security Checks
medium
53792openSUSE Security Update : postfix (openSUSE-SU-2011:0389-1)NessusSuSE Local Security Checks
medium
53531SuSE 10 Security Update : Postfix (ZYPP Patch Number 7387)NessusSuSE Local Security Checks
medium
53529SuSE 11.1 Security Update : Postfix (SAT Patch Number 4177)NessusSuSE Local Security Checks
medium
53338CentOS 4 / 5 : postfix (CESA-2011:0422)NessusCentOS Local Security Checks
medium
53311RHEL 6 : postfix (RHSA-2011:0423)NessusRed Hat Local Security Checks
medium
53310RHEL 4 / 5 : postfix (RHSA-2011:0422)NessusRed Hat Local Security Checks
medium
52953Fedora 14 : postfix-2.7.3-1.fc14 (2011-3394)NessusFedora Local Security Checks
medium
52950Fedora 13 : postfix-2.7.3-1.fc13 (2011-3355)NessusFedora Local Security Checks
medium
52728FreeBSD : postfix -- plaintext command injection with SMTP over TLS (14a6f516-502f-11e0-b448-bbfa2731f9c7)NessusFreeBSD Local Security Checks
medium
52699Mandriva Linux Security Advisory : postfix (MDVSA-2011:045)NessusMandriva Local Security Checks
medium
52611SMTP Service STARTTLS Plaintext Command InjectionNessusSMTP problems
medium
52610POP3 Service STLS Plaintext Command InjectionNessusMisc.
medium
52609IMAP Service STARTTLS Plaintext Command InjectionNessusMisc.
medium
27042Solaris 9 (x86) : 126480-26NessusSolaris Local Security Checks
medium
27025Solaris 9 (sparc) : 126479-26NessusSolaris Local Security Checks
medium
27006Solaris 10 (x86) : 126480-26 (deprecated)NessusSolaris Local Security Checks
medium
26991Solaris 10 (sparc) : 126479-26 (deprecated)NessusSolaris Local Security Checks
medium
25401Solaris 9 (x86) : 120229-45NessusSolaris Local Security Checks
medium
25398Solaris 9 (sparc) : 120228-45NessusSolaris Local Security Checks
medium
25390Solaris 10 (x86) : 120229-45 (deprecated)NessusSolaris Local Security Checks
medium
25386Solaris 10 (sparc) : 120228-45 (deprecated)NessusSolaris Local Security Checks
medium