FreeBSD : postfix -- plaintext command injection with SMTP over TLS (14a6f516-502f-11e0-b448-bbfa2731f9c7)
Medium Nessus Plugin ID 52728
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionWietse Venema has discovered a software flaw that allows an attacker to inject client commands into an SMTP session during the unprotected plaintext SMTP protocol phase, such that the server will execute those commands during the SMTP- over-TLS protocol phase when all communication is supposed to be protected.
SolutionUpdate the affected packages.