This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
postfix did not clear the receive buffer after the STARTTLS command. A
man-in-the middle could therefore inject commands in the unencrypted
stream that get interpreted in the encrypted phase after STARTTLS
See also :
Update the affected postfix packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false