Showing 1 - 8 of 8

CVE-2011-0411

Status Candidate

Overview

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

Related Files

Gentoo Linux Security Advisory 201206-33: Posted Jun 25, 2012; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201206-33 - A vulnerability has been found in Postfix, the worst of which possibly allowing remote code execution. Versions less than 2.7.4 are affected.; tags | advisory, remote, code execution; systems | linux, gentoo; advisories | CVE-2011-0411, CVE-2011-1720; SHA-256 | 05e98f47777707c46cf6dde146609306a3f61d80648b0c877d2ed8871983f6f0; Download | Favorite | View

Debian Security Advisory 2346-1: Posted Nov 16, 2011; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2346-1 - Several vulnerabilities were discovered in ProFTPD, an FTP server. ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue similar to CVE-2011-0411. ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution.; tags | advisory, remote, vulnerability, code execution; systems | linux, debian; advisories | CVE-2011-0411, CVE-2011-4130; SHA-256 | 4e0fcf4b058513cde8c483fad69e28ac40ae4aa41d60b8770ad1d405582c34f3; Download | Favorite | View

Apple Security Advisory 2011-10-12-3: Posted Oct 13, 2011; Authored by Apple | Site apple.com; Apple Security Advisory 2011-10-12-3 - OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.; tags | advisory, arbitrary, code execution; systems | apple, osx; advisories | CVE-2009-4022, CVE-2010-0097, CVE-2010-1157, CVE-2010-1634, CVE-2010-2089, CVE-2010-2227, CVE-2010-3436, CVE-2010-3613, CVE-2010-3614, CVE-2010-3718, CVE-2010-4172, CVE-2010-4645, CVE-2011-0013, CVE-2011-0185, CVE-2011-0187, CVE-2011-0224, CVE-2011-0226, CVE-2011-0229, CVE-2011-0230, CVE-2011-0231, CVE-2011-0249, CVE-2011-0250, CVE-2011-0251, CVE-2011-0252, CVE-2011-0259, CVE-2011-0260, CVE-2011-0411, CVE-2011-0419; SHA-256 | 4d539896720bca2e48b218929a6c10484c83d72ac4b634adbd7f33f680f59ede; Download | Favorite | View

Debian Security Advisory 2233-1: Posted May 10, 2011; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2233-1 - Several vulnerabilities were discovered in Postfix, a mail transfer agent.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2009-2939, CVE-2011-0411, CVE-2011-1720; SHA-256 | 2066190092a138a8e944282214539e92f89d4e7e673e5c275fdb8a0859fc9199; Download | Favorite | View

Ubuntu Security Notice USN-1113-1: Posted Apr 18, 2011; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1113-1 - It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords.; tags | advisory, remote, arbitrary, local; systems | linux, ubuntu; advisories | CVE-2009-2939, CVE-2011-0411; SHA-256 | 6aa138e4da81ce01a79a100e10f8c8db333638d58fca582399c80a99743e1fb6; Download | Favorite | View

Mandriva Linux Security Advisory 2011-046: Posted Mar 18, 2011; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2011-046 - A security flaw was discovered in pure-ftpd which allows plaintext command injection over TLS.; tags | advisory; systems | linux, mandriva; advisories | CVE-2011-0411; SHA-256 | c79c0998d50cb9fdb22adc00fc447d479980cc0727ac9682e23c6d0d74fb19d2; Download | Favorite | View

Mandriva Linux Security Advisory 2011-045: Posted Mar 16, 2011; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2011-045 - A security flaw was discovered in postfix which allows plaintext command injection with SMTP sessions over TLS.; tags | advisory; systems | linux, mandriva; advisories | CVE-2011-0411; SHA-256 | 89faa00a8b6e91fed511265852b9d21d485a9bb915eedbb9c39f53fff07f4630; Download | Favorite | View

STARTTLS Plaintext Injection: Posted Mar 7, 2011; Authored by Wietse Venema; Multiple SMTP implementations suffer from a plaintext injection vulnerability with STARTTLS.; tags | advisory; advisories | CVE-2011-0411; SHA-256 | 9f712fa40e77ec9b23f56ccf53d3c72849e5a9e1a7738c614836c68c8b9595c8; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 181 files
Ubuntu 64 files
Debian 24 files
Google Security Research 14 files
malvuln 11 files
Gentoo 10 files
nu11secur1ty 6 files
mjurczyk 4 files
Apple 3 files
Julien Ahrens 3 files

File Archives

Systems

AIX (426)
Apple (1,926)
BSD (370)
CentOS (55)
Cisco (1,917)
Debian (6,625)
Fedora (1,690)
FreeBSD (1,242)
Gentoo (4,272)
HPUX (878)
iOS (330)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (44,168)
Mac OS X (684)
Mandriva (3,105)
NetBSD (255)
OpenBSD (479)
RedHat (12,364)
Slackware (941)
Solaris (1,607)
SUSE (1,444)
Ubuntu (8,167)
UNIX (9,152)
UnixWare (185)
Windows (6,505)
Other

CVE-2011-0411

Overview

Related Files

File Archive:

December 2022

Top Authors In Last 30 Days

File Tags

File Archives

Systems