858 matches found
Fedora 14 : postfix-2.7.3-1.fc14 (2011-3394)
This update fixes CVE-2011-0411 and other bugs. For more details about CVE-2011-0411, see http://www.postfix.org/CVE-2011-0411.html. For the full list of changes, see the changelog available from http://www.postfix.org/download.html. Note that Tenable Network Security has extract...
[SECURITY] Fedora 13 Update: postfix-2.7.3-1.fc13
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS...
[SECURITY] Fedora 14 Update: postfix-2.7.3-1.fc14
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS...
FreeBSD : postfix -- plaintext command injection with SMTP over TLS (14a6f516-502f-11e0-b448-bbfa2731f9c7)
Wietse Venema has discovered a software flaw that allows an attacker to inject client commands into an SMTP session during the unprotected plaintext SMTP protocol phase, such that the server will execute those commands during the SMTP-over-TLS protocol phase when all communication is supposed to...
Mandriva Linux Security Advisory : postfix (MDVSA-2011:045)
A security flaw was discovered in postfix which allows plaintext command injection with SMTP sessions over TLS (CVE-2011-0411). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/productinfo.php?cPath=149...
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...
DEBIAN-CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...
Command injection
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...
CVE-2011-0411
The CVE-2011-0411 entry relates to STARTTLS I/O buffering not being properly restricted, enabling plaintext command injection after TLS is established. Concrete details in connected docs include: INN/nnrpd before 2.5.3: reads unencrypted commands after TLS negotiation, allowing MITM insertion; a ...
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...
STARTTLS plaintext command injection vulnerability
Overview: Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. Description: STARTTLS is an extension to plaintext communication protocols that offers a way to upgrade a plaintext connection to an encrypted TLS or SSL connection...
postfix -- plaintext command injection with SMTP over TLS
Wietse Venema has discovered a software flaw that allows an attacker to inject client commands into an SMTP session during the unprotected plaintext SMTP protocol phase, such that the server will execute those commands during the SMTP-over-TLS protocol phase when all communication is supposed to...
Artica Detection
Artica, a web-based management console for Postfix, is installed on the remote system. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(50323); script_version("1.7"); script_cvs_date("Date: 2019/11/25"); script_name(english:"Artica Detection"); script_summary(english:"Looks for...
SuSE 10 Security Update : Postfix (ZYPP Patch Number 6774)
The post install script of postfix accidentally let postfix listen on all network interfaces. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(49918);...
Salim Gasmi GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit)
$Id: gldpostfix.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Mac OS X Security Update 2008-007
The remote host is missing Security Update 2008-007. SPDX-FileCopyrightText: 2010 LSS Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later if(description)...
Mac OS X Security Update 2008-007
The remote host is missing Security Update 2008-007. One or more of the following components are affected: Apache, Certificates, ClamAV, ColorSync, CUPS, Finder, launchd, libxslt, MySQL Server, Networking, PHP, Postfix, PSNormalizer, QuickLook, rlogin, Script Editor, Single Sign-On, Tomcat, vim, Weblog. OpenVAS...