CVE-2011-0411
Published 2011-03-16
Priority: P343 · medium · CVSS 2.0 score 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 16.33% (96.6th percentile)
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
Affected
303 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cmu | cyrus_imap_server | <= 2.4.6 | — |
| cmu | cyrus_imap_server | — | — |
CVSS provenance
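| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v2.0) | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | 6.8 | MEDIUM | — |
| vendor_ubuntu | 6.9 | MEDIUM | — |
| vendor_debian | 6.8 | LOW | — |
| vendor_redhat | 6.8 | MEDIUM | — |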
GHSA
MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade
ghsa·2026-04-18
CVE-2021-23993 [MEDIUM] CWE-74 MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade
### Summary
A STARTTLS Response Injection vulnerability in MailKit allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication mechanism downgrade (e.g., forcing PLAIN instead of SCRAM-SHA-256). The internal read buffer in `SmtpStream`, `ImapStream`, and `Pop3Stream` is not flushed when the underlying stream is replaced with `SslStream` during STARTTLS upgrade, causing pre-TLS attacker-injected data to be processed as trusted post-TLS responses. This is the same vulnerability class as CVE-2021-23993 (Thunderbird), CVE-2021-33515 (Dovecot), and CVE-2011-0411 (Postfix).
### Details
The `Stream` pr
GHSA
GHSA-mqpg-5c3p-cx82: The STARTTLS implementation in ftp_parser
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2011-1575 [MEDIUM] GHSA-mqpg-5c3p-cx82: The STARTTLS implementation in ftp_parser
The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
GHSA
GHSA-p5jh-65m7-7pfg: The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert comma
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2011-1432 [MEDIUM] GHSA-p5jh-65m7-7pfg: The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert comma
The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
GHSA
GHSA-c4mq-4wp5-9pxq: The STARTTLS implementation in qmail-smtpd
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2011-1431 [MEDIUM] GHSA-c4mq-4wp5-9pxq: The STARTTLS implementation in qmail-smtpd
The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
GHSA
GHSA-vmw6-ff98-m24q: The STARTTLS implementation in Kerio Connect 7
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2011-1506 [MEDIUM] CWE-20 GHSA-vmw6-ff98-m24q: The STARTTLS implementation in Kerio Connect 7
The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-7445-q6fm-5g46: The STARTTLS implementation in WatchGuard XCS 9
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2011-2165 [MEDIUM] GHSA-7445-q6fm-5g46: The STARTTLS implementation in WatchGuard XCS 9
The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
GHSA
GHSA-g67q-3725-x6h7: The STARTTLS implementation in nnrpd in INN before 2
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2012-3523 [MEDIUM] GHSA-g67q-3725-x6h7: The STARTTLS implementation in nnrpd in INN before 2
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
GHSA
GHSA-93q5-9xfx-j4cw: The STARTTLS implementation in the server in Ipswitch IMail 11
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2011-1430 [MEDIUM] CWE-20 GHSA-93q5-9xfx-j4cw: The STARTTLS implementation in the server in Ipswitch IMail 11
The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
GHSA
GHSA-w7v6-vm58-fw22: The STARTTLS implementation in Cyrus IMAP Server before 2
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2011-1926 [MEDIUM] GHSA-w7v6-vm58-fw22: The STARTTLS implementation in Cyrus IMAP Server before 2
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
GHSA
GHSA-2gf2-4wwm-4cm6: The STARTTLS implementation in Postfix 2
ghsa_unreviewed·2022-05-13
CVE-2011-0411 [MEDIUM] GHSA-2gf2-4wwm-4cm6: The STARTTLS implementation in Postfix 2
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
GHSA
GHSA-8277-2g6w-24gq: The STARTTLS implementation in mail/ngx_mail_smtp_handler
ghsa_unreviewed·2022-05-13·CVSS 6.8
CVE-2014-3556 [MEDIUM] CWE-77 GHSA-8277-2g6w-24gq: The STARTTLS implementation in mail/ngx_mail_smtp_handler
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
OSV
CVE-2014-3556: The STARTTLS implementation in mail/ngx_mail_smtp_handler
osv·2014-12-29·CVSS 6.8
CVE-2014-3556 [MEDIUM] CVE-2014-3556: The STARTTLS implementation in mail/ngx_mail_smtp_handler
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
OSV
CVE-2012-3523: The STARTTLS implementation in nnrpd in INN before 2
osv·2012-11-11·CVSS 6.8
CVE-2012-3523 [MEDIUM] CVE-2012-3523: The STARTTLS implementation in nnrpd in INN before 2
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
OSV
CVE-2011-1575: The STARTTLS implementation in ftp_parser
osv·2011-05-23·CVSS 6.8
CVE-2011-1575 [MEDIUM] CVE-2011-1575: The STARTTLS implementation in ftp_parser
The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
OSV
CVE-2011-0411: The STARTTLS implementation in Postfix 2
osv·2011-03-16·CVSS 6.8
CVE-2011-0411 [MEDIUM] CVE-2011-0411: The STARTTLS implementation in Postfix 2
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
Red Hat
nginx: SMTP STARTTLS plaintext injection flaw
vendor_redhat·2014-08-05·CVSS 6.8
CVE-2014-3556 [MEDIUM] nginx: SMTP STARTTLS plaintext injection flaw
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Statement: This issue did not affect the versions of nginx as shipped with Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 and 7.
Package: nginx14-nginx (Red Hat Software Collections) - Not affected
Package: nginx16-nginx (Red Hat Software Collections) - Affected
Debian
CVE-2014-3556: nginx - The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in...
vendor_debian·2014·CVSS 6.8
CVE-2014-3556 [MEDIUM] CVE-2014-3556: nginx - The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in...
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Scope: local
bookworm: resolved (fixed in 1.6.1-1)
bullseye: resolved (fixed in 1.6.1-1)
forky: resolved (fixed in 1.6.1-1)
sid: resolved (fixed in 1.6.1-1)
trixie: resolved (fixed in 1.6.1-1)
Red Hat
(nnrpd): Prone to STARTTLS plaintext command injection
vendor_redhat·2012-06-15·CVSS 6.8
CVE-2012-3523 [MEDIUM] (nnrpd): Prone to STARTTLS plaintext command injection
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Statement: Not vulnerable. This issue did not affect the versions of inn as shipped with Red Hat Enterprise Linux 5 as they did not include support for the STARTTLS command.
Package: inn (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2012-3523: inn - The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restr...
vendor_debian·2012·CVSS 6.8
CVE-2012-3523 [MEDIUM] CVE-2012-3523: inn - The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restr...
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Ubuntu
Postfix vulnerabilities
vendor_ubuntu·2011-04-18·CVSS 6.9
CVE-2009-2939 [MEDIUM] Postfix vulnerabilities
Title: Postfix vulnerabilities
Summary: An attacker could send crafted input to Postfix and cause it to reveal
confidential information.
It was discovered that the Postfix package incorrectly granted write access
on the PID directory to the postfix user. A local attacker could use this
flaw to possibly conduct a symlink attack and overwrite arbitrary files.
This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)
Wietse Venema discovered that Postfix incorrectly handled cleartext
commands after TLS is in place. A remote attacker could exploit this to
inject cleartext commands into TLS sessions, and possibly obtain
confidential information such as passwords. (CVE-2011-0411)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
cyrus-imapd: STARTTLS plaintext command injection
vendor_redhat·2011-03-25·CVSS 6.8
CVE-2011-1926 [MEDIUM] cyrus-imapd: STARTTLS plaintext command injection
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Red Hat
postfix: SMTP commands injection during plaintext to TLS session switch
vendor_redhat·2011-03-05·CVSS 6.8
CVE-2011-0411 [MEDIUM] postfix: SMTP commands injection during plaintext to TLS session switch
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
Statement: This issue affected postfix packages in Red Hat Enterprise Linux 4, 5, and 6. It was corrected via RHSA-2011:0422 and RHSA-2011:0423.
This issue did not affect the versions of sendmail as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, and the versions of exim as shipped with Red Hat Enterprise Linux 4 and 5.
Debian
CVE-2011-0411: postfix - The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12,...
vendor_debian·2011·CVSS 6.8
CVE-2011-0411 [MEDIUM] CVE-2011-0411: postfix - The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12,...
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
Scope: local
bookworm: resolved (fixed in 2.8.0-1)
bullseye: resolved (fixed in 2.8.0-1)
forky: resolved (fixed in 2.8.0-1)
sid: resolved (fixed in 2.8.0-1)
trixie: resolved (fixed in 2.8.0-1)
Debian
CVE-2011-1575: pure-ftpd - The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not ...
vendor_debian·2011·CVSS 6.8
CVE-2011-1575 [MEDIUM] CVE-2011-1575: pure-ftpd - The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not ...
The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Scope: local
bookworm: resolved (fixed in 1.0.30-1)
bullseye: resolved (fixed in 1.0.30-1)
sid: resolved (fixed in 1.0.30-1)
trixie: resolved (fixed in 1.0.30-1)
No detection rules found.
No public exploits indexed.
HackerOne
SMTP interaction theft via MITM
hackerone·2020-11-04·CVSS 6.8
CVE-2011-0411 [MEDIUM] SMTP interaction theft via MITM
See http://www.postfix.org/CVE-2011-0411.html for a detailed description.
## Impact
MitM could obtain user credentials.
@duesee found it was possible for an active MITM to inject a plaintext collaborator ID and use that to steal collaborator SMTP interactions. We patched this in the following release: https://portswigger.net/burp/releases/professional-community-2020-9-2
This issue is closely related to CVE-2011-0411, and due to our non-standard SMTP implementation, some vulnerability scanners incorrectly flag the patched server as being vulnerable.
Bugzilla
IMAP Response Injection when using STARTTLS
bugzilla·2020-03-15·CVSS 6.8
[MEDIUM] IMAP Response Injection when using STARTTLS
Created attachment 9133442
response-injection-release.zip
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0
Steps to reproduce:
Thunderbird has connected to an IMAP server and issued the starttls command. The server responds with "okay, let's start TLS now". However, the server (or some malicious party) also appends extra data after the starttls server response.
Example trace:
S: * OK [CAPABILITY IMAP4REV1 STARTTLS LOGINDISABLED]\r\n
C: 1 STARTTLS\r\n
S: 1 OK start TLS now\r\n* OK [ALERT] Huch?\r\n2 OK ...\r\n4 OK ...\r\n
----- --- everything after this line is encrypted -----
C: 2 capability\r\n
// Thunderbird proceeds with login, as "2 OK" was already received/buffered
C: 4 login \"alice\" \"password\"\r\n
/
Bugzilla
CVE-2012-3523 inn (nnrpd): Prone to STARTTLS plaintext command injection
bugzilla·2012-08-21·CVSS 6.8
CVE-2012-3523 [MEDIUM] CVE-2012-3523 inn (nnrpd): Prone to STARTTLS plaintext command injection
The STARTTLS implementation in INN's NNTP server for readers, nnrpd, before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
References:
[1] https://www.isc.org/software/inn/2.5.3article
[2] https://bugs.gentoo.org/show_bug.cgi?id=432002
Relevant upstream patch
(the 'diff -Nurp inn-2.5.2/nnrpd/misc.c inn-2.5.3/nnrpd/misc.c' part):
[3] ftp://ftp.isc.org/isc/inn/inn-2.5.2-2.5.3.diff.gz
Discussion:
This issue affects the version of the inn package, as shipped with Red Hat Enterpri
Bugzilla
CVE-2011-1575 pure-ftpd: command injection during plaintext to TLS session switch
bugzilla·2011-03-08·CVSS 6.8
CVE-2011-1575 [MEDIUM] CVE-2011-1575 pure-ftpd: command injection during plaintext to TLS session switch
Pure-FTPd has released version 1.0.30 which fixes a STARTTLS flaw similar to Postfix's CVE-2011-0411 [1]. Upgrading is recommended.
References:
[1] http://www.pureftpd.org/project/pure-ftpd/news
Discussion:
Created pure-ftpd tracking bugs for this issue
Affects: fedora-all [bug 683223]
Affects: epel-all [bug 683224]
---
This was assigned the name CVE-2011-1575:
http://permalink.gmane.org/gmane.comp.security.oss.general/4858
Bugzilla
CVE-2011-0411 postfix: SMTP commands injection during plaintext to TLS session switch [fedora-all]
bugzilla·2011-03-08·CVSS 6.8
CVE-2011-0411 [MEDIUM] CVE-2011-0411 postfix: SMTP commands injection during plaintext to TLS session switch [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=674814
Please note: thi
Bugzilla
CVE-2011-0411 postfix: SMTP commands injection during plaintext to TLS session switch
bugzilla·2011-02-03·CVSS 6.8
CVE-2011-0411 [MEDIUM] CVE-2011-0411 postfix: SMTP commands injection during plaintext to TLS session switch
It was found, that Postfix, a Mail Transport Agent (MTA), recognized
SMTP commands during plaintext to TLS session switch (by TLS protocol
initialization). A remote attacker could use this flaw to insert
plaintext SMTP protocol commands into TLS protocol initialization
messages, leading to SMTP commands execution during the ciphertext
protocol phase, allowing the attacker to steal user credentials
and conduct man-in-the-middle (MITM) attacks.
References:
[1] http://www.kb.cert.org/vuls/id/555316 (not public yet)
Discussion:
This issue affects the versions of the postfix package, as shipped
with Red Hat Enterprise Linux 4, 5, and 6.
--
This issue affects the versions of the postfix package, as shipped
RFC
Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)
rfc·2015-02-01
Internet Engineering Task Force (IETF) Y. Sheffer
Request for Comments: 7457 Porticor
Category: Informational R. Holz
ISSN: 2070-1721 Technische Universitaet Muenchen
P. Saint-Andre
&yet
February 2015
Summarizing Known Attacks on Transport Layer Security (TLS)
and Datagram TLS (DTLS)
Abstract
Over the last few years, there have been several serious attacks on
Transport Layer Security (TLS), including attacks on its most
commonly used ciphers and modes of operation. This document
summarizes these attacks, with the goal of motivating generic and
protocol-specific recommendations on the usage of TLS and Datagram
TLS (DTLS).
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the In