Gentoo Linux Security Advisory 201206-33 - A vulnerability has been found in Postfix, the worst of which possibly allowing remote code execution. Versions less than 2.7.4 are affected.
747c3d1ceb77eac7ea28b8d7ce15ee48
Debian Linux Security Advisory 2346-1 - Several vulnerabilities were discovered in ProFTPD, an FTP server. ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue similar to CVE-2011-0411. ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution.
09e47c9f54c850e4c553afe33bc30cec
Apple Security Advisory 2011-10-12-3 - OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.
50a5772c2540863ea47a21c4c5193ca5
Debian Linux Security Advisory 2233-1 - Several vulnerabilities were discovered in Postfix, a mail transfer agent.
777ed4cbea09e007860b29ecab6dfc81
Ubuntu Security Notice 1113-1 - It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords.
464375a0377cc432d5b348bcf1a97c40
Mandriva Linux Security Advisory 2011-046 - A security flaw was discovered in pure-ftpd which allows plaintext command injection over TLS.
7480266a083c53c50671070406db0c3e
Mandriva Linux Security Advisory 2011-045 - A security flaw was discovered in postfix which allows plaintext command injection with SMTP sessions over TLS.
2d0a69648f0a31dc22d10e5976c6f564
Multiple SMTP implementations suffer from a plaintext injection vulnerability with STARTTLS.
1b04af43139f06389239140f5ad5fb22