1. Home
  2. Vulnerabilities
  3. CVE-2011-0411

CVE-2011-0411

CVSS v2.0 6.8 (Medium)
68% Progress
EPSS 1.14 % (85th)
1.14% Progress
Affected Products 1
Advisories 14
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

Weaknesses
CWE-264
Permissions, Privileges, and Access Controls
Related CVEs
CVE Status
PUBLISHED
CNA
CERT/CC
Published Date
2011-03-16 22:55:02
(13 years ago)
Updated Date
2021-08-10 12:15:07
(3 years ago)

Affected Products

Postfix

Configuration #1

    CPE23 From Up To
  Postfix 2.4 cpe:2.3:a:postfix:postfix:2.4
  Postfix 2.4.0 cpe:2.3:a:postfix:postfix:2.4.0
  Postfix 2.4.1 cpe:2.3:a:postfix:postfix:2.4.1
  Postfix 2.4.2 cpe:2.3:a:postfix:postfix:2.4.2
  Postfix 2.4.3 cpe:2.3:a:postfix:postfix:2.4.3
  Postfix 2.4.4 cpe:2.3:a:postfix:postfix:2.4.4
  Postfix 2.4.5 cpe:2.3:a:postfix:postfix:2.4.5
  Postfix 2.4.6 cpe:2.3:a:postfix:postfix:2.4.6
  Postfix 2.4.7 cpe:2.3:a:postfix:postfix:2.4.7
  Postfix 2.4.8 cpe:2.3:a:postfix:postfix:2.4.8
  Postfix 2.4.9 cpe:2.3:a:postfix:postfix:2.4.9
  Postfix 2.4.10 cpe:2.3:a:postfix:postfix:2.4.10
  Postfix 2.4.11 cpe:2.3:a:postfix:postfix:2.4.11
  Postfix 2.4.12 cpe:2.3:a:postfix:postfix:2.4.12
  Postfix 2.4.13 cpe:2.3:a:postfix:postfix:2.4.13
  Postfix 2.4.14 cpe:2.3:a:postfix:postfix:2.4.14
  Postfix 2.4.15 cpe:2.3:a:postfix:postfix:2.4.15

Configuration #2

    CPE23 From Up To
  Postfix 2.5.0 cpe:2.3:a:postfix:postfix:2.5.0
  Postfix 2.5.1 cpe:2.3:a:postfix:postfix:2.5.1
  Postfix 2.5.2 cpe:2.3:a:postfix:postfix:2.5.2
  Postfix 2.5.3 cpe:2.3:a:postfix:postfix:2.5.3
  Postfix 2.5.4 cpe:2.3:a:postfix:postfix:2.5.4
  Postfix 2.5.5 cpe:2.3:a:postfix:postfix:2.5.5
  Postfix 2.5.6 cpe:2.3:a:postfix:postfix:2.5.6
  Postfix 2.5.7 cpe:2.3:a:postfix:postfix:2.5.7
  Postfix 2.5.8 cpe:2.3:a:postfix:postfix:2.5.8
  Postfix 2.5.9 cpe:2.3:a:postfix:postfix:2.5.9
  Postfix 2.5.10 cpe:2.3:a:postfix:postfix:2.5.10
  Postfix 2.5.11 cpe:2.3:a:postfix:postfix:2.5.11

Configuration #3

    CPE23 From Up To
  Postfix 2.6 cpe:2.3:a:postfix:postfix:2.6
  Postfix 2.6.0 cpe:2.3:a:postfix:postfix:2.6.0
  Postfix 2.6.1 cpe:2.3:a:postfix:postfix:2.6.1
  Postfix 2.6.2 cpe:2.3:a:postfix:postfix:2.6.2
  Postfix 2.6.3 cpe:2.3:a:postfix:postfix:2.6.3
  Postfix 2.6.4 cpe:2.3:a:postfix:postfix:2.6.4
  Postfix 2.6.5 cpe:2.3:a:postfix:postfix:2.6.5
  Postfix 2.6.6 cpe:2.3:a:postfix:postfix:2.6.6
  Postfix 2.6.7 cpe:2.3:a:postfix:postfix:2.6.7
  Postfix 2.6.8 cpe:2.3:a:postfix:postfix:2.6.8

Configuration #4

    CPE23 From Up To
  Postfix 2.7.0 cpe:2.3:a:postfix:postfix:2.7.0
  Postfix 2.7.1 cpe:2.3:a:postfix:postfix:2.7.1
  Postfix 2.7.2 cpe:2.3:a:postfix:postfix:2.7.2