QwikSec

Security Database

CVE

CWE

Training

CVE-2011-0411

Published: Mar 16, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

x_refsource_CONFIRM

multiple-starttls-command-execution(65932)

vdb-entry

x_refsource_XF

http://www.postfix.org/CVE-2011-0411.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

SUSE-SR:2011:009

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_GENTOO

FEDORA-2011-3355

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

FEDORA-2011-3394

vendor-advisory

x_refsource_FEDORA

http://www.kb.cert.org/vuls/id/MORO-8ELH6Z

x_refsource_CONFIRM

APPLE-SA-2011-10-12-3

vendor-advisory

x_refsource_APPLE

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_CERT-VN

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_REDHAT

http://support.apple.com/kb/HT5002

x_refsource_CONFIRM

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20210810 STARTTLS vulnerabilities

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.