CVE-2011-0411

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
postfixpostfix
2.4
postfixpostfix
2.4.0
postfixpostfix
2.4.1
postfixpostfix
2.4.2
postfixpostfix
2.4.3
postfixpostfix
2.4.4
postfixpostfix
2.4.5
postfixpostfix
2.4.6
postfixpostfix
2.4.7
postfixpostfix
2.4.8
postfixpostfix
2.4.9
postfixpostfix
2.4.10
postfixpostfix
2.4.11
postfixpostfix
2.4.12
postfixpostfix
2.4.13
postfixpostfix
2.4.14
postfixpostfix
2.4.15
postfixpostfix
2.5.0
postfixpostfix
2.5.1
postfixpostfix
2.5.2
postfixpostfix
2.5.3
postfixpostfix
2.5.4
postfixpostfix
2.5.5
postfixpostfix
2.5.6
postfixpostfix
2.5.7
postfixpostfix
2.5.8
postfixpostfix
2.5.9
postfixpostfix
2.5.10
postfixpostfix
2.5.11
postfixpostfix
2.6
postfixpostfix
2.6.0
postfixpostfix
2.6.1
postfixpostfix
2.6.2
postfixpostfix
2.6.3
postfixpostfix
2.6.4
postfixpostfix
2.6.5
postfixpostfix
2.6.6
postfixpostfix
2.6.7
postfixpostfix
2.6.8
postfixpostfix
2.7.0
postfixpostfix
2.7.1
postfixpostfix
2.7.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
postfix
bookworm
3.7.11-0+deb12u1
fixed
bullseye
3.5.25-0+deb11u1
fixed
sid
3.9.0-3
fixed
trixie
3.9.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postfix
dapper
Fixed 2.2.10-1ubuntu0.3
released
hardy
Fixed 2.5.1-2ubuntu1.3
released
karmic
Fixed 2.6.5-3ubuntu0.1
released
lucid
Fixed 2.7.0-1ubuntu0.1
released
maverick
Fixed 2.7.1-1ubuntu0.1
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
postfix
RHEL 6
2:2.6.6-2.1.el6_0
fixed
postfix-perl-scripts
RHEL 6
2:2.6.6-2.1.el6_0
fixed
Common Weakness Enumeration
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://secunia.com/advisories/43646
http://secunia.com/advisories/43874
http://security.gentoo.org/glsa/glsa-201206-33.xml
http://securitytracker.com/id?1025179
http://support.apple.com/kb/HT5002
http://www.debian.org/security/2011/dsa-2233
http://www.kb.cert.org/vuls/id/555316
http://www.kb.cert.org/vuls/id/MORO-8ELH6Z
http://www.openwall.com/lists/oss-security/2021/08/10/2
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
http://www.osvdb.org/71021
http://www.postfix.org/CVE-2011-0411.html
http://www.redhat.com/support/errata/RHSA-2011-0422.html
http://www.redhat.com/support/errata/RHSA-2011-0423.html
http://www.securityfocus.com/bid/46767
http://www.vupen.com/english/advisories/2011/0611
http://www.vupen.com/english/advisories/2011/0752
http://www.vupen.com/english/advisories/2011/0891
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://secunia.com/advisories/43646
http://secunia.com/advisories/43874
http://security.gentoo.org/glsa/glsa-201206-33.xml
http://securitytracker.com/id?1025179
http://support.apple.com/kb/HT5002
http://www.debian.org/security/2011/dsa-2233
http://www.kb.cert.org/vuls/id/555316
http://www.kb.cert.org/vuls/id/MORO-8ELH6Z
http://www.openwall.com/lists/oss-security/2021/08/10/2
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
http://www.osvdb.org/71021
http://www.postfix.org/CVE-2011-0411.html
http://www.redhat.com/support/errata/RHSA-2011-0422.html
http://www.redhat.com/support/errata/RHSA-2011-0423.html
http://www.securityfocus.com/bid/46767
http://www.vupen.com/english/advisories/2011/0611
http://www.vupen.com/english/advisories/2011/0752
http://www.vupen.com/english/advisories/2011/0891
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932