Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2011-0411

Опубликовано: 16 мар. 2011
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 6.8

Описание

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

РелизСтатусПримечание
dapper

released

2.2.10-1ubuntu0.3
devel

not-affected

2.8.2-1ubuntu1
hardy

released

2.5.1-2ubuntu1.3
karmic

released

2.6.5-3ubuntu0.1
lucid

released

2.7.0-1ubuntu0.1
maverick

released

2.7.1-1ubuntu0.1
upstream

released

2.4.16, 2.5.12, 2.6.9, 2.7.3

Показывать по

EPSS

Процентиль: 97%
0.34744
Средний

6.8 Medium

CVSS2

Связанные уязвимости

redhat
больше 14 лет назад

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

nvd
больше 14 лет назад

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

debian
больше 14 лет назад

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x befo ...

github
около 3 лет назад

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

oracle-oval
больше 14 лет назад

ELSA-2011-0423: postfix security update (MODERATE)

EPSS

Процентиль: 97%
0.34744
Средний

6.8 Medium

CVSS2