Showing 1 - 8 of 8

CVE-2011-0411

Status Candidate

Overview

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

Related Files

Gentoo Linux Security Advisory 201206-33: Posted Jun 25, 2012; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201206-33 - A vulnerability has been found in Postfix, the worst of which possibly allowing remote code execution. Versions less than 2.7.4 are affected.; tags | advisory, remote, code execution; systems | linux, gentoo; advisories | CVE-2011-0411, CVE-2011-1720; MD5 | 747c3d1ceb77eac7ea28b8d7ce15ee48; Download | Favorite | Comments (0)

Debian Security Advisory 2346-1: Posted Nov 16, 2011; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2346-1 - Several vulnerabilities were discovered in ProFTPD, an FTP server. ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue similar to CVE-2011-0411. ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution.; tags | advisory, remote, vulnerability, code execution; systems | linux, debian; advisories | CVE-2011-0411, CVE-2011-4130; MD5 | 09e47c9f54c850e4c553afe33bc30cec; Download | Favorite | Comments (0)

Apple Security Advisory 2011-10-12-3: Posted Oct 13, 2011; Authored by Apple | Site apple.com; Apple Security Advisory 2011-10-12-3 - OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.; tags | advisory, arbitrary, code execution; systems | apple, osx; advisories | CVE-2009-4022, CVE-2010-0097, CVE-2010-1157, CVE-2010-1634, CVE-2010-2089, CVE-2010-2227, CVE-2010-3436, CVE-2010-3613, CVE-2010-3614, CVE-2010-3718, CVE-2010-4172, CVE-2010-4645, CVE-2011-0013, CVE-2011-0185, CVE-2011-0187, CVE-2011-0224, CVE-2011-0226, CVE-2011-0229, CVE-2011-0230, CVE-2011-0231, CVE-2011-0249, CVE-2011-0250, CVE-2011-0251, CVE-2011-0252, CVE-2011-0259, CVE-2011-0260, CVE-2011-0411, CVE-2011-0419; MD5 | 50a5772c2540863ea47a21c4c5193ca5; Download | Favorite | Comments (0)

Debian Security Advisory 2233-1: Posted May 10, 2011; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2233-1 - Several vulnerabilities were discovered in Postfix, a mail transfer agent.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2009-2939, CVE-2011-0411, CVE-2011-1720; MD5 | 777ed4cbea09e007860b29ecab6dfc81; Download | Favorite | Comments (0)

Ubuntu Security Notice USN-1113-1: Posted Apr 18, 2011; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1113-1 - It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords.; tags | advisory, remote, arbitrary, local; systems | linux, ubuntu; advisories | CVE-2009-2939, CVE-2011-0411; MD5 | 464375a0377cc432d5b348bcf1a97c40; Download | Favorite | Comments (0)

Mandriva Linux Security Advisory 2011-046: Posted Mar 18, 2011; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2011-046 - A security flaw was discovered in pure-ftpd which allows plaintext command injection over TLS.; tags | advisory; systems | linux, mandriva; advisories | CVE-2011-0411; MD5 | 7480266a083c53c50671070406db0c3e; Download | Favorite | Comments (0)

Mandriva Linux Security Advisory 2011-045: Posted Mar 16, 2011; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2011-045 - A security flaw was discovered in postfix which allows plaintext command injection with SMTP sessions over TLS.; tags | advisory; systems | linux, mandriva; advisories | CVE-2011-0411; MD5 | 2d0a69648f0a31dc22d10e5976c6f564; Download | Favorite | Comments (0)

STARTTLS Plaintext Injection: Posted Mar 7, 2011; Authored by Wietse Venema; Multiple SMTP implementations suffer from a plaintext injection vulnerability with STARTTLS.; tags | advisory; advisories | CVE-2011-0411; MD5 | 1b04af43139f06389239140f5ad5fb22; Download | Favorite | Comments (0)

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 43 files
Ubuntu 35 files
Gionathan Reale 19 files
Debian 19 files
Google Security Research 14 files
Luis Martinez 10 files
Ismail Tasdelen 9 files
Slackware Security Team 7 files
Jann Horn 7 files
HP 7 files

File Archives

Systems

AIX (410)
Apple (1,576)
BSD (341)
Cisco (1,822)
Debian (5,600)
Fedora (1,683)
FreeBSD (1,201)
Gentoo (3,594)
HPUX (866)
iOS (182)
iPhone (104)
IRIX (219)
Juniper (66)
Linux (34,053)
Mac OS X (653)
Mandriva (3,105)
NetBSD (255)
OpenBSD (457)
RedHat (6,766)
Slackware (855)
Solaris (1,572)
SUSE (1,444)
Ubuntu (5,807)
UNIX (8,337)
UnixWare (173)
Windows (5,378)
Other

CVE-2011-0411

Overview

Related Files

File Archive:

September 2018

Top Authors In Last 30 Days

File Tags

File Archives

Systems