
CVE-2011-0411

Published: 16/03/2011 Updated: 10/08/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

Vulnerable Product

postfix postfix 2.4

postfix postfix 2.4.4

postfix postfix 2.4.0

postfix postfix 2.4.9

postfix postfix 2.4.8

postfix postfix 2.4.6

postfix postfix 2.4.5

postfix postfix 2.4.14

postfix postfix 2.4.15

postfix postfix 2.4.3

postfix postfix 2.4.2

postfix postfix 2.4.10

postfix postfix 2.4.11

postfix postfix 2.4.1

postfix postfix 2.4.7

postfix postfix 2.4.12

postfix postfix 2.4.13

postfix postfix 2.5.0

postfix postfix 2.5.8

postfix postfix 2.5.9

postfix postfix 2.5.6

postfix postfix 2.5.7

postfix postfix 2.5.5

postfix postfix 2.5.3

postfix postfix 2.5.4

postfix postfix 2.5.10

postfix postfix 2.5.11

postfix postfix 2.5.1

postfix postfix 2.5.2

postfix postfix 2.6.2

postfix postfix 2.6.3

postfix postfix 2.6.0

postfix postfix 2.6.1

postfix postfix 2.6.8

postfix postfix 2.6.4

postfix postfix 2.6.5

postfix postfix 2.6

postfix postfix 2.6.6

postfix postfix 2.6.7

postfix postfix 2.7.0

postfix postfix 2.7.1

postfix postfix 2.7.2

Vendor Advisories

An attacker could send crafted input to Postfix and cause it to reveal confidential information ...
Debian Bug report logs - #685581 inn: CVE-2012-3523 prone to STARTTLS plaintext command injection Package: inn2; Maintainer for inn2 is Marco d'Itri <md@linuxit>; Source for inn2 is src:inn2 Reported by: Henri Salo <henri@nervfi> Date: Wed, 22 Aug 2012 05:39:02 UTC Severity: grave Fixed in ...
Debian Bug report logs - #989375 courier: CVE-2021-38084 Package: src:courier; Maintainer for src:courier is Markus Wanner <markus@bluegapch>; Reported by: Sysadmin HTL Leonding <debbtsreports@htl-leondingacat> Date: Wed, 2 Jun 2021 07:03:02 UTC Severity: important Tags: security, upstream Found in versions cour ...
Debian Bug report logs - #627081 STARTTLS plaintext command injection Package: cyrus-imapd-22; Maintainer for cyrus-imapd-22 is (unknown); Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Tue, 17 May 2011 15:03:05 UTC Severity: grave Tags: lenny, security, sid, squeeze Found in versions cyrus-imapd-22/ ...
Debian Bug report logs - #617849 postfix STARTTLS affected by CVE-2011-0411 Package: postfix; Maintainer for postfix is LaMont Jones <lamont@debianorg>; Source for postfix is src:postfix Reported by: Branko Majic <branko@majicrs> Date: Fri, 11 Mar 2011 20:18:01 UTC Severity: normal Tags: lenn ...
Debian Bug report logs - #648373 [CVE-2011-4130] Use-after-free issue Package: proftpd-dfsg; Maintainer for proftpd-dfsg is ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-listsdebiannet>; Reported by: Florian Weimer <fw@denebenyode> Date: Thu, 10 Nov 2011 20:33:02 UTC Severity: grave Tags: patch, secur ...
Several vulnerabilities were discovered in Postfix, a mail transfer agent. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2939: The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwr ...
Several vulnerabilities were discovered in ProFTPD, an FTP server: (No CVE id) ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue similar to CVE-2011-0411. CVE-2011-4130: ProFTPD uses a response pool after freeing it under exception ...
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2011-0411 (different product) ...