#VU32859 Permissions, Privileges, and Access Controls in Postfix - CVE-2011-0411

Cybersecurity Help s.r.o.

Published: 2011-03-17 | Updated: 2020-07-28

Vulnerability identifier: #VU32859

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-0411

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Postfix
Server applications / Mail servers

Vendor: Postfix.org

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Postfix: 2.4.0 - 2.4.15

External links
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html
https://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
https://secunia.com/advisories/43646
https://secunia.com/advisories/43874
https://security.gentoo.org/glsa/glsa-201206-33.xml
https://securitytracker.com/id?1025179
https://support.apple.com/kb/HT5002
https://www.debian.org/security/2011/dsa-2233
https://www.kb.cert.org/vuls/id/555316
https://www.kb.cert.org/vuls/id/MORO-8ELH6Z
https://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
https://www.osvdb.org/71021
https://www.postfix.org/CVE-2011-0411.html
https://www.redhat.com/support/errata/RHSA-2011-0422.html
https://www.redhat.com/support/errata/RHSA-2011-0423.html
https://www.securityfocus.com/bid/46767
https://www.vupen.com/english/advisories/2011/0611
https://www.vupen.com/english/advisories/2011/0752
https://www.vupen.com/english/advisories/2011/0891
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for Postfix

Permissions, Privileges, and Access Controls in postfix (Alpine package)

Permissions, Privileges, and Access Controls in Postfix