Lucene search

K
freebsdFreeBSD14A6F516-502F-11E0-B448-BBFA2731F9C7
HistoryMar 07, 2011 - 12:00 a.m.

postfix -- plaintext command injection with SMTP over TLS

2011-03-0700:00:00
vuxml.freebsd.org
26

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.011

Percentile

84.8%

Wietse Venema has discovered a software flaw that allows
an attacker to inject client commands into an SMTP session
during the unprotected plaintext SMTP protocol phase, such
that the server will execute those commands during the SMTP-
over-TLS protocol phase when all communication is supposed
to be protected.

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.011

Percentile

84.8%