CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
84.8%
Wietse Venema has discovered a software flaw that allows
an attacker to inject client commands into an SMTP session
during the unprotected plaintext SMTP protocol phase, such
that the server will execute those commands during the SMTP-
over-TLS protocol phase when all communication is supposed
to be protected.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | postfix | = 2.7.*,1 | UNKNOWN |
FreeBSD | any | noarch | postfix | < 2.7.3,1 | UNKNOWN |
FreeBSD | any | noarch | postfix-base | = 2.7.*,1 | UNKNOWN |
FreeBSD | any | noarch | postfix-base | < 2.7.3,1 | UNKNOWN |
FreeBSD | any | noarch | postfix-current | < 2.9.20100120,4 | UNKNOWN |
FreeBSD | any | noarch | postfix-current-base | < 2.9.20100120,4 | UNKNOWN |