Lucene search

K
gentooGentoo FoundationGLSA-201206-33
HistoryJun 25, 2012 - 12:00 a.m.

Postfix: Multiple vulnerabilities

2012-06-2500:00:00
Gentoo Foundation
security.gentoo.org
28

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.9

Confidence

High

EPSS

0.887

Percentile

98.7%

Background

Postfix is Wietse Venema’s mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program.

Description

A vulnerability have been discovered in Postfix. Please review the CVE identifier referenced below for details.

Impact

An attacker could perform a man-in-the-middle attack and inject SMTP commands during the plaintext to TLS session switch or might execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All Postfix users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.7.4"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmail-mta/postfix< 2.7.4UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.9

Confidence

High

EPSS

0.887

Percentile

98.7%