openSUSE Security Update : postfix (openSUSE-SU-2011:0389-1)
postfix did not clear the receive buffer after the STARTTLS command. A man-in-the middle could therefore inject commands in the unencrypted stream that get interpreted in the encrypted phase after STARTTLS CVE-2011-0411. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...