Exploit the possiblities
Showing 1 - 8 of 8 RSS Feed

CVE-2011-0411

Status Candidate

Overview

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

Related Files

Gentoo Linux Security Advisory 201206-33
Posted Jun 25, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-33 - A vulnerability has been found in Postfix, the worst of which possibly allowing remote code execution. Versions less than 2.7.4 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2011-0411, CVE-2011-1720
MD5 | 747c3d1ceb77eac7ea28b8d7ce15ee48
Debian Security Advisory 2346-1
Posted Nov 16, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2346-1 - Several vulnerabilities were discovered in ProFTPD, an FTP server. ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue similar to CVE-2011-0411. ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution.

tags | advisory, remote, vulnerability, code execution
systems | linux, debian
advisories | CVE-2011-0411, CVE-2011-4130
MD5 | 09e47c9f54c850e4c553afe33bc30cec
Apple Security Advisory 2011-10-12-3
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-3 - OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.

tags | advisory, arbitrary, code execution
systems | apple, osx
advisories | CVE-2009-4022, CVE-2010-0097, CVE-2010-1157, CVE-2010-1634, CVE-2010-2089, CVE-2010-2227, CVE-2010-3436, CVE-2010-3613, CVE-2010-3614, CVE-2010-3718, CVE-2010-4172, CVE-2010-4645, CVE-2011-0013, CVE-2011-0185, CVE-2011-0187, CVE-2011-0224, CVE-2011-0226, CVE-2011-0229, CVE-2011-0230, CVE-2011-0231, CVE-2011-0249, CVE-2011-0250, CVE-2011-0251, CVE-2011-0252, CVE-2011-0259, CVE-2011-0260, CVE-2011-0411, CVE-2011-0419
MD5 | 50a5772c2540863ea47a21c4c5193ca5
Debian Security Advisory 2233-1
Posted May 10, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2233-1 - Several vulnerabilities were discovered in Postfix, a mail transfer agent.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-2939, CVE-2011-0411, CVE-2011-1720
MD5 | 777ed4cbea09e007860b29ecab6dfc81
Ubuntu Security Notice USN-1113-1
Posted Apr 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1113-1 - It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2009-2939, CVE-2011-0411
MD5 | 464375a0377cc432d5b348bcf1a97c40
Mandriva Linux Security Advisory 2011-046
Posted Mar 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-046 - A security flaw was discovered in pure-ftpd which allows plaintext command injection over TLS.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-0411
MD5 | 7480266a083c53c50671070406db0c3e
Mandriva Linux Security Advisory 2011-045
Posted Mar 16, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-045 - A security flaw was discovered in postfix which allows plaintext command injection with SMTP sessions over TLS.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-0411
MD5 | 2d0a69648f0a31dc22d10e5976c6f564
STARTTLS Plaintext Injection
Posted Mar 7, 2011
Authored by Wietse Venema

Multiple SMTP implementations suffer from a plaintext injection vulnerability with STARTTLS.

tags | advisory
advisories | CVE-2011-0411
MD5 | 1b04af43139f06389239140f5ad5fb22
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close