All the vulnerabilites related to postfix - postfix
var-201103-0114
Vulnerability from variot
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. plural STARTTLS There is a vulnerability in the implementation of. plural STARTTLS Implementation of a man-in-the-middle attack (man-in-the-middle attack) May insert a command. This vulnerability is due to the fact that switching to ciphertext communication is performed at a lower layer than the application. This vulnerability is only relevant for implementations that perform certificate validation.An arbitrary command may be executed by a remote attacker who can intercept communications. Postfix is a mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/ O buffering effect. ========================================================================== Ubuntu Security Notice USN-1113-1 April 18, 2011
postfix vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Summary:
An attacker could send crafted input to Postfix and cause it to reveal confidential information. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)
Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. (CVE-2011-0411)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10: postfix 2.7.1-1ubuntu0.1
Ubuntu 10.04 LTS: postfix 2.7.0-1ubuntu0.1
Ubuntu 9.10: postfix 2.6.5-3ubuntu0.1
Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.3
Ubuntu 6.06 LTS: postfix 2.2.10-1ubuntu0.3
In general, a standard system update will make all the necessary changes.
References: CVE-2009-2939, CVE-2011-0411
Package Information: https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3 https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3
.
CVE-2011-4130 ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution. ----------------------------------------------------------------------
Get a tax break on purchases of Secunia Solutions!
If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/
TITLE: Postfix "STARTTLS" Plaintext Injection Vulnerability
SECUNIA ADVISORY ID: SA43646
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43646/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43646
RELEASE DATE: 2011-03-09
DISCUSS ADVISORY: http://secunia.com/advisories/43646/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43646/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43646
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Postfix, which can be exploited by malicious people to manipulate certain data.
The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase.
The vulnerability is reported in version 2.2 and all releases prior to versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3.
SOLUTION: Update to versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.postfix.org/CVE-2011-0411.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-33
http://security.gentoo.org/
Severity: High Title: Postfix: Multiple vulnerabilities Date: June 25, 2012 Bugs: #358085, #366605 ID: 201206-33
Synopsis
A vulnerability has been found in Postfix, the worst of which possibly allowing remote code execution.
Background
Postfix is Wietse Venema=E2=80=99s mailer that attempts to be fast, easy = to administer, and secure, as an alternative to the widely-used Sendmail program.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 mail-mta/postfix < 2.7.4 >= 2.7.4
Description
A vulnerability have been discovered in Postfix. Please review the CVE identifier referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Postfix users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.7.4"
References
[ 1 ] CVE-2011-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411 [ 2 ] CVE-2011-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-33.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-2939 The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
CVE-2011-1720 A heap-based read-only buffer overflow allows malicious clients to crash the smtpd server process using a crafted SASL authentication request.
For the oldstable distribution (lenny), this problem has been fixed in version 2.5.5-1.1+lenny1.
For the stable distribution (squeeze), this problem has been fixed in version 2.7.1-1+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 2.8.0-1.
We recommend that you upgrade your postfix packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJNyXybAAoJEL97/wQC1SS+xb0H/igqYhOTtvO91deptOPyednw 5sBQPXGoo+RXeomLsJk8P6ezm7fEGTSl7GUEpNwS1qsqAPVnl9XAK6dOGFae1PbG 2L93eR6AKgKo60tp2On1Tf1c0HcD6yKiZ6J7C7nZ3E8+yZwSd1k6826ZUQ3gzKKW DTIu6w2CzzleK/bppWfhAvwvobHD6X1B16qklZfqw6H0C/QfMjM8ZXLCRv9Tq1TN jX1W4qeed7pr8r3pTJ9npzae7drqFLoVDi0tpGKi0UHEwgRma1AbDaI2BVmeblue YNRHg7H+TqfrUwN8iB64WrYvqnHCQfvViL8f0ML2uJXJf/lHby+vxPl6EGxAIoY= =yCCp -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006
OS X Lion v10.7.2 and Security Update 2011-006 is now available and addresses the following:
Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.20 to address several vulnerabilities, the most serious of which may lead to a denial of service. CVE-2011-0419 does not affect OS X Lion systems. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-0419 CVE-2011-3192
Application Firewall Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Executing a binary with a maliciously crafted name may lead to arbitrary code execution with elevated privileges Description: A format string vulnerability existed in Application Firewall's debug logging. CVE-ID CVE-2011-0185 : an anonymous reporter
ATS Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: A signedness issue existed in ATS' handling of Type 1 fonts. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3437
ATS Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: An out of bounds memory access issue existed in ATS' handling of Type 1 fonts. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0229 : Will Dormann of the CERT/CC
ATS Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Applications which use the ATSFontDeactivate API may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in the ATSFontDeactivate API. CVE-ID CVE-2011-0230 : Steven Michaud of Mozilla
BIND Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in BIND 9.7.3 Description: Multiple denial of service issues existed in BIND 9.7.3. These issues are addressed by updating BIND to version 9.7.3-P3. CVE-ID CVE-2011-1910 CVE-2011-2464
BIND Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in BIND Description: Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3. CVE-ID CVE-2009-4022 CVE-2010-0097 CVE-2010-3613 CVE-2010-3614 CVE-2011-1910 CVE-2011-2464
Certificate Trust Policy Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1. Impact: Root certificates have been updated Description: Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application.
CFNetwork Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Safari may store cookies it is not configured to accept Description: A synchronization issue existed in CFNetwork's handling of cookie policies. Safari's cookie preferences may not be honored, allowing websites to set cookies that would be blocked were the preference enforced. This update addresses the issue through improved handling of cookie storage. CVE-ID CVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin C. Walker, and Stephen Creswell
CFNetwork Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook
CoreFoundation Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in CoreFoundation's handling of string tokenization. This issue does not affect OS X Lion systems. This update addresses the issue through improved bounds checking. CVE-ID CVE-2011-0259 : Apple
CoreMedia Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking. CVE-ID CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of QuickTime movie files. These issues do not affect OS X Lion systems. CVE-ID CVE-2011-0224 : Apple
CoreProcesses Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A person with physical access to a system may partially bypass the screen lock Description: A system window, such as a VPN password prompt, that appeared while the screen was locked may have accepted keystrokes while the screen was locked. This issue is addressed by preventing system windows from requesting keystrokes while the screen is locked. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-0260 : Clint Tseng of the University of Washington, Michael Kobb, and Adam Kemp
CoreStorage Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Converting to FileVault does not erase all existing data Description: After enabling FileVault, approximately 250MB at the start of the volume was left unencrypted on the disk in an unused area. Only data which was present on the volume before FileVault was enabled was left unencrypted. This issue is addressed by erasing this area when enabling FileVault, and on the first use of an encrypted volume affected by this issue. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3212 : Judson Powers of ATC-NY
File Systems Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information Description: An issue existed in the handling of WebDAV volumes on HTTPS servers. If the server presented a certificate chain that could not be automatically verified, a warning was displayed and the connection was closed. If the user clicked the "Continue" button in the warning dialog, any certificate was accepted on the following connection to that server. An attacker in a privileged network position may have manipulated the connection to obtain sensitive information or take action on the server on the user's behalf. This update addresses the issue by validating that the certificate received on the second connection is the same certificate originally presented to the user. CVE-ID CVE-2011-3213 : Apple
IOGraphics Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: A person with physical access may be able to bypass the screen lock Description: An issue existed with the screen lock when used with Apple Cinema Displays. When a password is required to wake from sleep, a person with physical access may be able to access the system without entering a password if the system is in display sleep mode. This update addresses the issue by ensuring that the lock screen is correctly activated in display sleep mode. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3214 : Apple
iChat Server Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A remote attacker may cause the Jabber server to consume system resources disproportionately Description: An issue existed in the handling of XML external entities in jabberd2, a server for the Extensible Messaging and Presence Protocol (XMPP). jabberd2 expands external entities in incoming requests. This allows an attacker to consume system resources very quickly, denying service to legitimate users of the server. This update addresses the issue by disabling entity expansion in incoming requests. CVE-ID CVE-2011-1755
Kernel Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A person with physical access may be able to access the user's password Description: A logic error in the kernel's DMA protection permitted firewire DMA at loginwindow, boot, and shutdown, although not at screen lock. This update addresses the issue by preventing firewire DMA at all states where the user is not logged in. CVE-ID CVE-2011-3215 : Passware, Inc.
Kernel Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An unprivileged user may be able to delete another user's files in a shared directory Description: A logic error existed in the kernel's handling of file deletions in directories with the sticky bit. CVE-ID CVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer, and Allan Schmid and Oliver Jeckel of brainworks Training
libsecurity Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: An error handling issue existed when parsing a nonstandard certificate revocation list extension. CVE-ID CVE-2011-3227 : Richard Godbee of Virginia Tech
Mailman Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Mailman 2.1.14 Description: Multiple cross-site scripting issues existed in Mailman 2.1.14. These issues are addressed by improved encoding of characters in HTML output. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman- announce/2011-February/000158.html This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0707
MediaKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of disk images. These issues do not affect OS X Lion systems. CVE-ID CVE-2011-3217 : Apple
Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Any user may read another local user's password data Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and Patrick Dunstan at defenseindepth.net
Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An authenticated user may change that account's password without providing the current password Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3436 : Patrick Dunstan at defenceindepth.net
Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A user may be able to log in without a password Description: When Open Directory is bound to an LDAPv3 server using RFC2307 or custom mappings, such that there is no AuthenticationAuthority attribute for a user, an LDAP user may be allowed to log in without a password. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin, Steven Eppler of Colorado Mesa University, Hugh Cole-Baker, and Frederic Metoz of Institut de Biologie Structurale
PHP Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.6. This issue does not affect systems prior to OS X Lion. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-0226
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in libpng 1.4.3 Description: libpng is updated to version 1.5.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-2690 CVE-2011-2691 CVE-2011-2692
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in PHP 5.3.4 Description: PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. This issues do not affect OS X Lion systems. Further information is available via the PHP website at http://www.php.net/ CVE-ID CVE-2010-3436 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-1467 CVE-2011-1468 CVE-2011-1469 CVE-2011-1470 CVE-2011-1471
postfix Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may manipulate mail sessions, resulting in the disclosure of sensitive information Description: A logic issue existed in Postfix in the handling of the STARTTLS command. After receiving a STARTTLS command, Postfix may process other plain-text commands. An attacker in a privileged network position may manipulate the mail session to obtain sensitive information from the encrypted traffic. This update addresses the issue by clearing the command queue after processing a STARTTLS command. This issue does not affect OS X Lion systems. Further information is available via the Postfix site at http://www.postfix.org/announcements/postfix-2.7.3.html CVE-ID CVE-2011-0411
python Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in python Description: Multiple vulnerabilities existed in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project. Further information is available via the python site at http://www.python.org/download/releases/ CVE-ID CVE-2010-1634 CVE-2010-2089 CVE-2011-1521
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime's handling of movie files. CVE-ID CVE-2011-3228 : Apple
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may inject script in the local domain when viewing template HTML Description: A cross-site scripting issue existed in QuickTime Player's "Save for Web" export. The template HTML files generated by this feature referenced a script file from a non-encrypted origin. An attacker in a privileged network position may be able to inject malicious scripts in the local domain if the user views a template file locally. This issue is resolved by removing the reference to an online script. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3218 : Aaron Sigel of vtty.com
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of H.264 encoded movie files. CVE-ID CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to the disclosure of memory contents Description: An uninitialized memory access issue existed in QuickTime's handling of URL data handlers within movie files. CVE-ID CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An implementation issue existed in QuickTime's handling of the atom hierarchy within a movie file. CVE-ID CVE-2011-3221 : an anonymous researcher working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of FlashPix files. CVE-ID CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of FLIC files. CVE-ID CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
SMB File Server Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A guest user may browse shared folders Description: An access control issue existed in the SMB File Server. Disallowing guest access to the share point record for a folder prevented the '_unknown' user from browsing the share point but not guests (user 'nobody'). This issue is addressed by applying the access control to the guest user. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3225
Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.24 Description: Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2010-1157 CVE-2010-2227 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 CVE-2011-0534
User Documentation Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may manipulate App Store help content, leading to arbitrary code execution Description: App Store help content was updated over HTTP. This update addresses the issue by updating App Store help content over HTTPS. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3224 : Aaron Sigel of vtty.com
Web Server Available for: Mac OS X Server v10.6.8 Impact: Clients may be unable to access web services that require digest authentication Description: An issue in the handling of HTTP Digest authentication was addressed. Users may be denied access to the server's resources, when the server configuration should have allowed the access. This issue does not represent a security risk, and was addressed to facilitate the use of stronger authentication mechanisms. Systems running OS X Lion Server are not affected by this issue.
X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in libpng Description: Multiple vulnerabilities existed in libpng, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating libpng to version 1.5.4 on OS Lion systems, and to 1.2.46 on Mac OS X v10.6 systems. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-2690 CVE-2011-2691 CVE-2011-2692
OS X Lion v10.7.2 also includes Safari 5.1.1. For information on the security content of Safari 5.1.1, please visit: http://support.apple.com/kb/HT5000
OS X Lion v10.7.2 and Security Update 2011-006 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2011-006 or OS X v10.7.2.
For OS X Lion v10.7.1 The download file is named: MacOSXUpd10.7.2.dmg Its SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229
For OS X Lion v10.7 The download file is named: MacOSXUpdCombo10.7.2.dmg Its SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb
For OS X Lion Server v10.7.1 The download file is named: MacOSXServerUpd10.7.2.dmg Its SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da
For OS X Lion Server v10.7 The download file is named: MacOSXServerUpdCombo10.7.2.dmg Its SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a
For Mac OS X v10.6.8 The download file is named: SecUpd2011-006Snow.dmg Its SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84
For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2011-006.dmg Its SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3 TFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md /BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U ZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4 sTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG 69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU= =gsvn -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201103-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.3"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.8"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.1"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.7"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.5"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.6"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.4"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.2"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.0"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.3"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.7"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.8"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.7"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.9"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.2"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.15"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.0"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.8"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.10"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.12"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.1"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.11"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.5"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.9"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.10"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.2"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.4"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.6"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.0"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.5"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.13"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.2"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.4"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.0"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.3"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.6"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.11"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.14"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.1"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cyrus imap",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipswitch",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kerio",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postfix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qmail tls",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "watchguard",
"version": null
},
{
"model": "proftpd",
"scope": "eq",
"trust": 0.8,
"vendor": "proftpd",
"version": "1.3.3"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0 (x64)"
},
{
"model": "turbolinux client",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2008 and 12.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11 (x64)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux long life",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5.6 server)"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "101275"
}
],
"trust": 0.2
},
"cve": "CVE-2011-0411",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-0411",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-48356",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-0411",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#555316",
"trust": 0.8,
"value": "1.39"
},
{
"author": "CNNVD",
"id": "CNNVD-201103-213",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-48356",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-0411",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. plural STARTTLS There is a vulnerability in the implementation of. plural STARTTLS Implementation of a man-in-the-middle attack (man-in-the-middle attack) May insert a command. This vulnerability is due to the fact that switching to ciphertext communication is performed at a lower layer than the application. This vulnerability is only relevant for implementations that perform certificate validation.An arbitrary command may be executed by a remote attacker who can intercept communications. Postfix is \u200b\u200ba mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/ O buffering effect. ==========================================================================\nUbuntu Security Notice USN-1113-1\nApril 18, 2011\n\npostfix vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 9.10\n- Ubuntu 8.04 LTS\n- Ubuntu 6.06 LTS\n\nSummary:\n\nAn attacker could send crafted input to Postfix and cause it to reveal\nconfidential information. \nThis issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)\n\nWietse Venema discovered that Postfix incorrectly handled cleartext\ncommands after TLS is in place. (CVE-2011-0411)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.10:\n postfix 2.7.1-1ubuntu0.1\n\nUbuntu 10.04 LTS:\n postfix 2.7.0-1ubuntu0.1\n\nUbuntu 9.10:\n postfix 2.6.5-3ubuntu0.1\n\nUbuntu 8.04 LTS:\n postfix 2.5.1-2ubuntu1.3\n\nUbuntu 6.06 LTS:\n postfix 2.2.10-1ubuntu0.3\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n CVE-2009-2939, CVE-2011-0411\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3\n https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3\n\n\n. \n\nCVE-2011-4130\n\tProFTPD uses a response pool after freeing it under\n\texceptional conditions, possibly leading to remote code\n\texecution. ----------------------------------------------------------------------\n\n\nGet a tax break on purchases of Secunia Solutions!\n\nIf you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at:\nhttp://secunia.com/products/corporate/vim/section_179/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nPostfix \"STARTTLS\" Plaintext Injection Vulnerability\n\nSECUNIA ADVISORY ID:\nSA43646\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43646/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43646\n\nRELEASE DATE:\n2011-03-09\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43646/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43646/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43646\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Postfix, which can be exploited\nby malicious people to manipulate certain data. \n\nThe vulnerability is caused due to the TLS implementation not\nproperly clearing transport layer buffers when upgrading from\nplaintext to ciphertext after receiving the \"STARTTLS\" command. This\ncan be exploited to insert arbitrary plaintext data (e.g. SMTP\ncommands) during the plaintext phase, which will then be executed\nafter upgrading to the TLS ciphertext phase. \n\nThe vulnerability is reported in version 2.2 and all releases prior\nto versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3. \n\nSOLUTION:\nUpdate to versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.postfix.org/CVE-2011-0411.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-33\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Postfix: Multiple vulnerabilities\n Date: June 25, 2012\n Bugs: #358085, #366605\n ID: 201206-33\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been found in Postfix, the worst of which possibly\nallowing remote code execution. \n\nBackground\n==========\n\nPostfix is Wietse Venema=E2=80=99s mailer that attempts to be fast, easy =\nto\nadminister, and secure, as an alternative to the widely-used Sendmail\nprogram. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 mail-mta/postfix \u003c 2.7.4 \u003e= 2.7.4\n\nDescription\n===========\n\nA vulnerability have been discovered in Postfix. Please review the CVE\nidentifier referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Postfix users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=mail-mta/postfix-2.7.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-0411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411\n[ 2 ] CVE-2011-1720\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-33.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-2939\n The postinst script grants the postfix user write access to\n /var/spool/postfix/pid, which might allow local users to\n conduct symlink attacks that overwrite arbitrary files. \n\nCVE-2011-1720\n A heap-based read-only buffer overflow allows malicious\n clients to crash the smtpd server process using a crafted SASL\n authentication request. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.5.5-1.1+lenny1. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-1+squeeze1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0-1. \n\nWe recommend that you upgrade your postfix packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niQEcBAEBAgAGBQJNyXybAAoJEL97/wQC1SS+xb0H/igqYhOTtvO91deptOPyednw\n5sBQPXGoo+RXeomLsJk8P6ezm7fEGTSl7GUEpNwS1qsqAPVnl9XAK6dOGFae1PbG\n2L93eR6AKgKo60tp2On1Tf1c0HcD6yKiZ6J7C7nZ3E8+yZwSd1k6826ZUQ3gzKKW\nDTIu6w2CzzleK/bppWfhAvwvobHD6X1B16qklZfqw6H0C/QfMjM8ZXLCRv9Tq1TN\njX1W4qeed7pr8r3pTJ9npzae7drqFLoVDi0tpGKi0UHEwgRma1AbDaI2BVmeblue\nYNRHg7H+TqfrUwN8iB64WrYvqnHCQfvViL8f0ML2uJXJf/lHby+vxPl6EGxAIoY=\n=yCCp\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006\n\nOS X Lion v10.7.2 and Security Update 2011-006 is now available and\naddresses the following:\n\nApache\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in Apache\nDescription: Apache is updated to version 2.2.20 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. CVE-2011-0419 does not affect OS X Lion systems. Further\ninformation is available via the Apache web site at\nhttp://httpd.apache.org/\nCVE-ID\nCVE-2011-0419\nCVE-2011-3192\n\nApplication Firewall\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Executing a binary with a maliciously crafted name may lead\nto arbitrary code execution with elevated privileges\nDescription: A format string vulnerability existed in Application\nFirewall\u0027s debug logging. \nCVE-ID\nCVE-2011-0185 : an anonymous reporter\n\nATS\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to arbitrary code execution\nDescription: A signedness issue existed in ATS\u0027 handling of Type 1\nfonts. This issue does not affect systems prior to OS X Lion. \nCVE-ID\nCVE-2011-3437\n\nATS\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to arbitrary code execution\nDescription: An out of bounds memory access issue existed in ATS\u0027\nhandling of Type 1 fonts. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0229 : Will Dormann of the CERT/CC\n\nATS\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Applications which use the ATSFontDeactivate API may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: A buffer overflow issue existed in the\nATSFontDeactivate API. \nCVE-ID\nCVE-2011-0230 : Steven Michaud of Mozilla\n\nBIND\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in BIND 9.7.3\nDescription: Multiple denial of service issues existed in BIND\n9.7.3. These issues are addressed by updating BIND to version\n9.7.3-P3. \nCVE-ID\nCVE-2011-1910\nCVE-2011-2464\n\nBIND\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in BIND\nDescription: Multiple denial of service issues existed in BIND. \nThese issues are addressed by updating BIND to version 9.6-ESV-R4-P3. \nCVE-ID\nCVE-2009-4022\nCVE-2010-0097\nCVE-2010-3613\nCVE-2010-3614\nCVE-2011-1910\nCVE-2011-2464\n\nCertificate Trust Policy\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1. \nImpact: Root certificates have been updated\nDescription: Several trusted certificates were added to the list of\nsystem roots. Several existing certificates were updated to their\nmost recent version. The complete list of recognized system roots may\nbe viewed via the Keychain Access application. \n\nCFNetwork\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Safari may store cookies it is not configured to accept\nDescription: A synchronization issue existed in CFNetwork\u0027s handling\nof cookie policies. Safari\u0027s cookie preferences may not be honored,\nallowing websites to set cookies that would be blocked were the\npreference enforced. This update addresses the issue through improved\nhandling of cookie storage. \nCVE-ID\nCVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin\nC. Walker, and Stephen Creswell\n\nCFNetwork\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in CFNetwork\u0027s handling of HTTP\ncookies. When accessing a maliciously crafted HTTP or HTTPS URL,\nCFNetwork could incorrectly send the cookies for a domain to a server\noutside that domain. This issue does not affect systems prior to OS X\nLion. \nCVE-ID\nCVE-2011-3246 : Erling Ellingsen of Facebook\n\nCoreFoundation\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted website or e-mail message may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription: A memory corruption issue existed in CoreFoundation\u0027s\nhandling of string tokenization. This issue does not affect OS X Lion\nsystems. This update addresses the issue through improved bounds\nchecking. \nCVE-ID\nCVE-2011-0259 : Apple\n\nCoreMedia\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of video data from another site\nDescription: A cross-origin issue existed in CoreMedia\u0027s handling of\ncross-site redirects. This issue is addressed through improved origin\ntracking. \nCVE-ID\nCVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability\nResearch (MSVR)\n\nCoreMedia\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of QuickTime movie files. These issues do not affect OS X\nLion systems. \nCVE-ID\nCVE-2011-0224 : Apple\n\nCoreProcesses\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: A person with physical access to a system may partially\nbypass the screen lock\nDescription: A system window, such as a VPN password prompt, that\nappeared while the screen was locked may have accepted keystrokes\nwhile the screen was locked. This issue is addressed by preventing\nsystem windows from requesting keystrokes while the screen is locked. \nThis issue does not affect systems prior to OS X Lion. \nCVE-ID\nCVE-2011-0260 : Clint Tseng of the University of Washington, Michael\nKobb, and Adam Kemp\n\nCoreStorage\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Converting to FileVault does not erase all existing data\nDescription: After enabling FileVault, approximately 250MB at the\nstart of the volume was left unencrypted on the disk in an unused\narea. Only data which was present on the volume before FileVault was\nenabled was left unencrypted. This issue is addressed by erasing this\narea when enabling FileVault, and on the first use of an encrypted\nvolume affected by this issue. This issue does not affect systems\nprior to OS X Lion. \nCVE-ID\nCVE-2011-3212 : Judson Powers of ATC-NY\n\nFile Systems\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: An attacker in a privileged network position may manipulate\nHTTPS server certificates, leading to the disclosure of sensitive\ninformation\nDescription: An issue existed in the handling of WebDAV volumes on\nHTTPS servers. If the server presented a certificate chain that could\nnot be automatically verified, a warning was displayed and the\nconnection was closed. If the user clicked the \"Continue\" button in\nthe warning dialog, any certificate was accepted on the following\nconnection to that server. An attacker in a privileged network\nposition may have manipulated the connection to obtain sensitive\ninformation or take action on the server on the user\u0027s behalf. This\nupdate addresses the issue by validating that the certificate\nreceived on the second connection is the same certificate originally\npresented to the user. \nCVE-ID\nCVE-2011-3213 : Apple\n\nIOGraphics\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: A person with physical access may be able to bypass the\nscreen lock\nDescription: An issue existed with the screen lock when used with\nApple Cinema Displays. When a password is required to wake from\nsleep, a person with physical access may be able to access the system\nwithout entering a password if the system is in display sleep mode. \nThis update addresses the issue by ensuring that the lock screen is\ncorrectly activated in display sleep mode. This issue does not affect\nOS X Lion systems. \nCVE-ID\nCVE-2011-3214 : Apple\n\niChat Server\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: A remote attacker may cause the Jabber server to consume\nsystem resources disproportionately\nDescription: An issue existed in the handling of XML external\nentities in jabberd2, a server for the Extensible Messaging and\nPresence Protocol (XMPP). jabberd2 expands external entities in\nincoming requests. This allows an attacker to consume system\nresources very quickly, denying service to legitimate users of the\nserver. This update addresses the issue by disabling entity expansion\nin incoming requests. \nCVE-ID\nCVE-2011-1755\n\nKernel\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: A person with physical access may be able to access the\nuser\u0027s password\nDescription: A logic error in the kernel\u0027s DMA protection permitted\nfirewire DMA at loginwindow, boot, and shutdown, although not at\nscreen lock. This update addresses the issue by preventing firewire\nDMA at all states where the user is not logged in. \nCVE-ID\nCVE-2011-3215 : Passware, Inc. \n\nKernel\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: An unprivileged user may be able to delete another user\u0027s\nfiles in a shared directory\nDescription: A logic error existed in the kernel\u0027s handling of file\ndeletions in directories with the sticky bit. \nCVE-ID\nCVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer,\nand Allan Schmid and Oliver Jeckel of brainworks Training\n\nlibsecurity\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted website or e-mail message may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription: An error handling issue existed when parsing a\nnonstandard certificate revocation list extension. \nCVE-ID\nCVE-2011-3227 : Richard Godbee of Virginia Tech\n\nMailman\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in Mailman 2.1.14\nDescription: Multiple cross-site scripting issues existed in Mailman\n2.1.14. These issues are addressed by improved encoding of characters\nin HTML output. Further information is available via the Mailman site\nat http://mail.python.org/pipermail/mailman-\nannounce/2011-February/000158.html This issue does not affect OS X\nLion systems. \nCVE-ID\nCVE-2011-0707\n\nMediaKit\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Opening a maliciously crafted disk image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of disk images. These issues do not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-3217 : Apple\n\nOpen Directory\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Any user may read another local user\u0027s password data\nDescription: An access control issue existed in Open Directory. This\nissue does not affect systems prior to OS X Lion. \nCVE-ID\nCVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and\nPatrick Dunstan at defenseindepth.net\n\nOpen Directory\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: An authenticated user may change that account\u0027s password\nwithout providing the current password\nDescription: An access control issue existed in Open Directory. This\nissue does not affect systems prior to OS X Lion. \nCVE-ID\nCVE-2011-3436 : Patrick Dunstan at defenceindepth.net\n\nOpen Directory\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: A user may be able to log in without a password\nDescription: When Open Directory is bound to an LDAPv3 server using\nRFC2307 or custom mappings, such that there is no\nAuthenticationAuthority attribute for a user, an LDAP user may be\nallowed to log in without a password. This issue does not affect\nsystems prior to OS X Lion. \nCVE-ID\nCVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin,\nSteven Eppler of Colorado Mesa University, Hugh Cole-Baker, and\nFrederic Metoz of Institut de Biologie Structurale\n\nPHP\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in FreeType\u0027s handling of\nType 1 fonts. This issue is addressed by updating FreeType to version\n2.4.6. This issue does not affect systems prior to OS X Lion. Further\ninformation is available via the FreeType site at\nhttp://www.freetype.org/\nCVE-ID\nCVE-2011-0226\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in libpng 1.4.3\nDescription: libpng is updated to version 1.5.4 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-2690\nCVE-2011-2691\nCVE-2011-2692\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in PHP 5.3.4\nDescription: PHP is updated to version 5.3.6 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. This issues do not affect OS X Lion systems. Further\ninformation is available via the PHP website at http://www.php.net/\nCVE-ID\nCVE-2010-3436\nCVE-2010-4645\nCVE-2011-0420\nCVE-2011-0421\nCVE-2011-0708\nCVE-2011-1092\nCVE-2011-1153\nCVE-2011-1466\nCVE-2011-1467\nCVE-2011-1468\nCVE-2011-1469\nCVE-2011-1470\nCVE-2011-1471\n\npostfix\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: An attacker in a privileged network position may manipulate\nmail sessions, resulting in the disclosure of sensitive information\nDescription: A logic issue existed in Postfix in the handling of the\nSTARTTLS command. After receiving a STARTTLS command, Postfix may\nprocess other plain-text commands. An attacker in a privileged\nnetwork position may manipulate the mail session to obtain sensitive\ninformation from the encrypted traffic. This update addresses the\nissue by clearing the command queue after processing a STARTTLS\ncommand. This issue does not affect OS X Lion systems. Further\ninformation is available via the Postfix site at\nhttp://www.postfix.org/announcements/postfix-2.7.3.html\nCVE-ID\nCVE-2011-0411\n\npython\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in python\nDescription: Multiple vulnerabilities existed in python, the most\nserious of which may lead to arbitrary code execution. This update\naddresses the issues by applying patches from the python project. \nFurther information is available via the python site at\nhttp://www.python.org/download/releases/\nCVE-ID\nCVE-2010-1634\nCVE-2010-2089\nCVE-2011-1521\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in\nQuickTime\u0027s handling of movie files. \nCVE-ID\nCVE-2011-3228 : Apple\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of STSC\natoms in QuickTime movie files. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0249 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of STSS\natoms in QuickTime movie files. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0250 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of STSZ\natoms in QuickTime movie files. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0251 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of STTS\natoms in QuickTime movie files. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0252 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: An attacker in a privileged network position may inject\nscript in the local domain when viewing template HTML\nDescription: A cross-site scripting issue existed in QuickTime\nPlayer\u0027s \"Save for Web\" export. The template HTML files generated by\nthis feature referenced a script file from a non-encrypted origin. An\nattacker in a privileged network position may be able to inject\nmalicious scripts in the local domain if the user views a template\nfile locally. This issue is resolved by removing the reference to an\nonline script. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-3218 : Aaron Sigel of vtty.com\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in QuickTime\u0027s handling of\nH.264 encoded movie files. \nCVE-ID\nCVE-2011-3219 : Damian Put working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to the\ndisclosure of memory contents\nDescription: An uninitialized memory access issue existed in\nQuickTime\u0027s handling of URL data handlers within movie files. \nCVE-ID\nCVE-2011-3220 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An implementation issue existed in QuickTime\u0027s handling\nof the atom hierarchy within a movie file. \nCVE-ID\nCVE-2011-3221 : an anonymous researcher working with TippingPoint\u0027s\nZero Day Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted FlashPix file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in QuickTime\u0027s handling of\nFlashPix files. \nCVE-ID\nCVE-2011-3222 : Damian Put working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in QuickTime\u0027s handling of\nFLIC files. \nCVE-ID\nCVE-2011-3223 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nSMB File Server\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: A guest user may browse shared folders\nDescription: An access control issue existed in the SMB File Server. \nDisallowing guest access to the share point record for a folder\nprevented the \u0027_unknown\u0027 user from browsing the share point but not\nguests (user \u0027nobody\u0027). This issue is addressed by applying the\naccess control to the guest user. This issue does not affect systems\nprior to OS X Lion. \nCVE-ID\nCVE-2011-3225\n\nTomcat\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in Tomcat 6.0.24\nDescription: Tomcat is updated to version 6.0.32 to address multiple\nvulnerabilities, the most serious of which may lead to a cross site\nscripting attack. Tomcat is only provided on Mac OS X Server systems. \nThis issue does not affect OS X Lion systems. Further information is\navailable via the Tomcat site at http://tomcat.apache.org/\nCVE-ID\nCVE-2010-1157\nCVE-2010-2227\nCVE-2010-3718\nCVE-2010-4172\nCVE-2011-0013\nCVE-2011-0534\n\nUser Documentation\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: An attacker in a privileged network position may manipulate\nApp Store help content, leading to arbitrary code execution\nDescription: App Store help content was updated over HTTP. This\nupdate addresses the issue by updating App Store help content over\nHTTPS. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-3224 : Aaron Sigel of vtty.com\n\nWeb Server\nAvailable for: Mac OS X Server v10.6.8\nImpact: Clients may be unable to access web services that require\ndigest authentication\nDescription: An issue in the handling of HTTP Digest authentication\nwas addressed. Users may be denied access to the server\u0027s resources,\nwhen the server configuration should have allowed the access. This\nissue does not represent a security risk, and was addressed to\nfacilitate the use of stronger authentication mechanisms. Systems\nrunning OS X Lion Server are not affected by this issue. \n\nX11\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in libpng\nDescription: Multiple vulnerabilities existed in libpng, the most\nserious of which may lead to arbitrary code execution. These issues\nare addressed by updating libpng to version 1.5.4 on OS Lion systems,\nand to 1.2.46 on Mac OS X v10.6 systems. Further information is\navailable via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-2690\nCVE-2011-2691\nCVE-2011-2692\n\nOS X Lion v10.7.2 also includes Safari 5.1.1. For information on\nthe security content of Safari 5.1.1, please visit:\nhttp://support.apple.com/kb/HT5000\n\nOS X Lion v10.7.2 and Security Update 2011-006 may be obtained from\nthe Software Update pane in System Preferences, or Apple\u0027s Software\nDownloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nSecurity Update 2011-006 or OS X v10.7.2. \n\nFor OS X Lion v10.7.1\nThe download file is named: MacOSXUpd10.7.2.dmg\nIts SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229\n\nFor OS X Lion v10.7\nThe download file is named: MacOSXUpdCombo10.7.2.dmg\nIts SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb\n\nFor OS X Lion Server v10.7.1\nThe download file is named: MacOSXServerUpd10.7.2.dmg\nIts SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da\n\nFor OS X Lion Server v10.7\nThe download file is named: MacOSXServerUpdCombo10.7.2.dmg\nIts SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2011-006Snow.dmg\nIts SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2011-006.dmg\nIts SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3\nTFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md\n/BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U\nZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4\nsTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG\n69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU=\n=gsvn\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0411"
},
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99097"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "PACKETSTORM",
"id": "105738"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#555316",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2011-0411",
"trust": 3.2
},
{
"db": "SECUNIA",
"id": "43646",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0611",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1025179",
"trust": 2.6
},
{
"db": "BID",
"id": "46767",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "43874",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0891",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0752",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "71021",
"trust": 1.8
},
{
"db": "JUNIPER",
"id": "JSA10705",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/08/10/2",
"trust": 1.1
},
{
"db": "XF",
"id": "65932",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "114177",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "107027",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "99457",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99392",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99053",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-48356",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-0411",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100558",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99097",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "105738",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99097"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "PACKETSTORM",
"id": "105738"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"id": "VAR-201103-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-48356"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:40:40.823000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "postfix-2.3.3-2.10.AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1399"
},
{
"title": "2211",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2211"
},
{
"title": "2212",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2212"
},
{
"title": "3624",
"trust": 0.8,
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3624"
},
{
"title": "NEWS-1.3.3e",
"trust": 0.8,
"url": "http://www.proftpd.org/docs/news-1.3.3e"
},
{
"title": "NEWS-1.3.4rc2",
"trust": 0.8,
"url": "http://www.proftpd.org/docs/news-1.3.4rc2"
},
{
"title": "RHSA-2011:0422",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0422.html"
},
{
"title": "RHSA-2011:0423",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0423.html"
},
{
"title": "TLSA-2011-13",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2011/tlsa-2011-13j.txt"
},
{
"title": "TLSA-2013-4",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2013/tlsa-2013-4j.html"
},
{
"title": "Postfix STARTTLS Achieve repair measures for plaintext command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159437"
},
{
"title": "Debian CVElist Bug Report Logs: postfix STARTTLS affected by CVE-2011-0411",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=74282b8fe400ed6ddbb6171a1052e2fd"
},
{
"title": "Debian CVElist Bug Report Logs: [CVE-2011-4130] Use-after-free issue",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f7453f9ff437afb706c192fb10d67eb2"
},
{
"title": "Debian CVElist Bug Report Logs: inn: CVE-2012-3523 prone to STARTTLS plaintext command injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a774850c70017348487727b907fda84b"
},
{
"title": "Debian CVElist Bug Report Logs: courier: CVE-2021-38084",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9dc8ffd76b724b58108eb46bc913121c"
},
{
"title": "Debian CVElist Bug Report Logs: STARTTLS plaintext command injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b03b4eab65949f1c915b1538f80e6a4b"
},
{
"title": "Ubuntu Security Notice: postfix vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1113-1"
},
{
"title": "Debian Security Advisories: DSA-2346-2 proftpd-dfsg -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a1db5959643fcc6f1957a67359aa92ed"
},
{
"title": "Debian Security Advisories: DSA-2233-1 postfix -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=96aadd3bb66ec0adb18615b395c09544"
},
{
"title": "Vision",
"trust": 0.1,
"url": "https://github.com/coolervoid/vision "
},
{
"title": "Vision2",
"trust": 0.1,
"url": "https://github.com/coolervoid/vision2 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"trust": 2.6,
"url": "http://www.securityfocus.com/bid/46767"
},
{
"trust": 2.6,
"url": "http://securitytracker.com/id?1025179"
},
{
"trust": 2.6,
"url": "http://secunia.com/advisories/43646"
},
{
"trust": 2.6,
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"trust": 1.9,
"url": "http://www.postfix.org/cve-2011-0411.html"
},
{
"trust": 1.9,
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht5002"
},
{
"trust": 1.8,
"url": "http://www.kb.cert.org/vuls/id/moro-8elh6z"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056560.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056559.html"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/71021"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0422.html"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0423.html"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/43874"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"trust": 1.7,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10705"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc2595"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc3207"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc4642"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"trust": 0.8,
"url": "http://www.watchguard.com/archive/softwarecenter.asp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0411"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/65932"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu555316"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0411"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0411"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2939"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1720"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10705"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617849"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1113-1/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4130"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43646/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/section_179/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43646/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43646"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1720"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0259"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0185"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0230"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0097"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4022"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht5000"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2089"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0229"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3613"
},
{
"trust": 0.1,
"url": "http://www.freetype.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0419"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1634"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3436"
},
{
"trust": 0.1,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 0.1,
"url": "http://www.php.net/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0249"
},
{
"trust": 0.1,
"url": "http://mail.python.org/pipermail/mailman-"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.1,
"url": "http://www.postfix.org/announcements/postfix-2.7.3.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0224"
},
{
"trust": 0.1,
"url": "http://www.python.org/download/releases/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99097"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "PACKETSTORM",
"id": "105738"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99097"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "PACKETSTORM",
"id": "105738"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-07T00:00:00",
"db": "CERT/CC",
"id": "VU#555316"
},
{
"date": "2011-03-16T00:00:00",
"db": "VULHUB",
"id": "VHN-48356"
},
{
"date": "2011-03-16T00:00:00",
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"date": "2011-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"date": "2011-04-18T22:40:46",
"db": "PACKETSTORM",
"id": "100558"
},
{
"date": "2011-11-16T04:40:08",
"db": "PACKETSTORM",
"id": "107027"
},
{
"date": "2011-03-09T06:30:30",
"db": "PACKETSTORM",
"id": "99097"
},
{
"date": "2012-06-25T22:58:41",
"db": "PACKETSTORM",
"id": "114177"
},
{
"date": "2011-05-10T18:42:48",
"db": "PACKETSTORM",
"id": "101275"
},
{
"date": "2011-10-13T02:35:35",
"db": "PACKETSTORM",
"id": "105738"
},
{
"date": "2011-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"date": "2011-03-16T22:55:02.717000",
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-08T00:00:00",
"db": "CERT/CC",
"id": "VU#555316"
},
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-48356"
},
{
"date": "2021-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"date": "2013-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"date": "2021-08-10T12:15:07.120000",
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "STARTTLS plaintext command injection vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2008-09-12 16:56
Modified
2024-11-21 00:50
Severity ?
Summary
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | 2.6 | |
| postfix | postfix | 2.4 | |
| postfix | postfix | 2.4.0 | |
| postfix | postfix | 2.4.1 | |
| postfix | postfix | 2.4.2 | |
| postfix | postfix | 2.4.3 | |
| postfix | postfix | 2.4.4 | |
| postfix | postfix | 2.4.5 | |
| postfix | postfix | 2.4.6 | |
| postfix | postfix | 2.4.7 | |
| postfix | postfix | 2.4.8 | |
| postfix | postfix | 2.5.1 | |
| postfix | postfix | 2.5.2 | |
| postfix | postfix | 2.5.3 | |
| postfix | postfix | 2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC560CC-F785-42D5-A25B-1BA02E7AC464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "998D1069-1CF5-42C5-8668-49D72E2D2F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2138A68-3F3D-4C7E-9FEB-2C8A445F2789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5E0EB5-ECC6-4573-9EA7-83E5741DA3CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "790C02A8-95DD-42BE-8A1C-1C6D6DDCC443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A0034F2-585D-4A98-8428-996A726712DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B162B5-DEF5-46AD-87D1-734B3B637D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF3730A-0FFD-4C23-B758-BBA67CC9CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10E8E5E2-5674-40D5-AD86-8C4DDB442EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "690EDC73-47B5-4891-86A5-37B6ED80E145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B751BA4B-B7C8-4A87-A03C-5C91678FC832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58F1FC50-B6EB-48FD-A2FA-B8BEB05719DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DE90BD-B5F9-4762-B086-130AB04F3CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD5258B-C9DE-47BD-9172-27618F220201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1E6461-2F2A-49C5-9B2B-08DE418F2F7B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of \"non-Postfix\" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file."
},
{
"lang": "es",
"value": "Postfix versi\u00f3n 2.4 anteriores a la 2.4.9, versi\u00f3n 2.5 anteriores a la 2.5.5 y versi\u00f3n 2.6 anteriores a la 2.6-2000902, cuando se utiliza con el nucleo de Linux versi\u00f3n 2.6, muestra los descriptores del fichero epoll durante la ejecuci\u00f3n de comandos que no son Postfix, permite a usuarios locales provocar una denegaci\u00f3n de servicio (aplicaci\u00f3n m\u00e1s lenta o finalizaci\u00f3n) mediante un comando especialmente construido, como se ha demostrado por un comando en un fichero .forward."
}
],
"id": "CVE-2008-3889",
"lastModified": "2024-11-21T00:50:21.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-12T16:56:20.587",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31716"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31800"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31982"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31986"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32231"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200809-09.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4239"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020800"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0311"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:190"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.postfix.org/announcements/20080902.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495894/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/496420/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498037/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30977"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-642-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.wekk.net/research/CVE-2008-3889/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44865"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6472"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200809-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.postfix.org/announcements/20080902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495894/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/496420/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498037/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-642-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.wekk.net/research/CVE-2008-3889/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions Postfix as shipped with Red Hat Enterprise Linux 3, 4, or 5.",
"lastModified": "2017-09-28T21:31:54.147",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-18 19:41
Modified
2024-11-21 00:48
Severity ?
Summary
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postfix | postfix | 2.3.0 | |
| postfix | postfix | 2.3.1 | |
| postfix | postfix | 2.3.2 | |
| postfix | postfix | 2.3.3 | |
| postfix | postfix | 2.3.4 | |
| postfix | postfix | 2.3.5 | |
| postfix | postfix | 2.3.6 | |
| postfix | postfix | 2.3.7 | |
| postfix | postfix | 2.3.8 | |
| postfix | postfix | 2.3.9 | |
| postfix | postfix | 2.3.10 | |
| postfix | postfix | 2.3.11 | |
| postfix | postfix | 2.3.12 | |
| postfix | postfix | 2.3.13 | |
| postfix | postfix | 2.3.14 | |
| postfix | postfix | 2.4.0 | |
| postfix | postfix | 2.4.1 | |
| postfix | postfix | 2.4.2 | |
| postfix | postfix | 2.4.3 | |
| postfix | postfix | 2.4.4 | |
| postfix | postfix | 2.4.5 | |
| postfix | postfix | 2.4.6 | |
| postfix | postfix | 2.4.7 | |
| postfix | postfix | 2.5.0 | |
| postfix | postfix | 2.5.1 | |
| postfix | postfix | 2.5.2 | |
| postfix | postfix | 2.5.3 | |
| postfix | postfix | 2.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F08A3C19-AEB6-4E0C-A41D-01024DC0A25D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE8A81E-3856-4908-B7B7-9CF511CA2A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B935272-1EC7-4C70-8299-9DC7594809EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1647690F-D015-4DC4-9FB7-F5E9F0C430D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A814997B-A612-493F-AA85-BA5A187A91FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "449E9764-54F4-46F9-9E4D-F2C96EC5F37E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4A15A5-0994-4A3B-B4CD-1C5D9F411FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3FB858-1B20-450B-9181-A1FE1C2B9DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BBD449-6F03-4EFE-8C87-B5014F0381F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DEBD42EA-B31E-4E37-BF28-FEBB18369A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B92BCC42-6E9F-44CB-A755-004B6DBD9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1B67A4AE-2C1C-49D6-9F53-05CAB51273E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7A64D948-9441-492F-B9E5-DE5D5A3D7266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7BCB67-AF9E-4343-827B-D783C71BAF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "265AD494-E5EB-423B-9C20-62BCB1C3B9B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2138A68-3F3D-4C7E-9FEB-2C8A445F2789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5E0EB5-ECC6-4573-9EA7-83E5741DA3CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "790C02A8-95DD-42BE-8A1C-1C6D6DDCC443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A0034F2-585D-4A98-8428-996A726712DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B162B5-DEF5-46AD-87D1-734B3B637D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF3730A-0FFD-4C23-B758-BBA67CC9CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10E8E5E2-5674-40D5-AD86-8C4DDB442EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "690EDC73-47B5-4891-86A5-37B6ED80E145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA31260C-1C67-4E76-9F56-2359BFA0B197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58F1FC50-B6EB-48FD-A2FA-B8BEB05719DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DE90BD-B5F9-4762-B086-130AB04F3CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD5258B-C9DE-47BD-9172-27618F220201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B3F710-13EF-4A36-B191-E0FCC1D98E23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script."
},
{
"lang": "es",
"value": "Postfix antes de 2.3.15, 2.4 anterior a 2.4.8, 2.5 anterior a 2.5.4 y 2.6 antes de 2.6-20080814, cuando el sistema operativo admite enlaces duros (hard links) a enlaces simb\u00f3licos, permite a usuarios locales a\u00f1adir mensajes de correo a un archivo al que apunta un enlace simb\u00f3lico propiedad de root, creando un enlace duro a este enlace simb\u00f3lico y enviando un mensaje despu\u00e9s. NOTA: esto puede ser utilizado para obtener privilegios si hay un enlace simb\u00f3lico a un script init."
}
],
"evaluatorComment": "Please refer to the following links for additional version information (vendor release notes):\r\n\r\n\r\nPostfix 2.3 - ftp://mirrors.loonybin.net/pub/postfix/official/postfix-2.3.15.RELEASE_NOTES\r\n\r\nPostfix 2.4 - ftp://mirrors.loonybin.net/pub/postfix/official/postfix-2.4.8.RELEASE_NOTES\r\n\r\nPostfix 2.5 - ftp://mirrors.loonybin.net/pub/postfix/official/postfix-2.5.4.RELEASE_NOTES\r\n\r\nPostfix 2.6 - ftp://mirrors.loonybin.net/pub/postfix/experimental/postfix-2.6-20080814.RELEASE_NOTES",
"id": "CVE-2008-2936",
"lastModified": "2024-11-21T00:48:03.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-18T19:41:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
},
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.3.15.HISTORY"
},
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.4.8.HISTORY"
},
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
},
{
"source": "secalert@redhat.com",
"url": "http://article.gmane.org/gmane.mail.postfix.announce/110"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31469"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31474"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31477"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31485"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31500"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31530"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32231"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://securityreason.com/securityalert/4160"
},
{
"source": "secalert@redhat.com",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2008/dsa-1629"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/938323"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:171"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0839.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/495474/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/495882/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30691"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1020700"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2385"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44460"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-2689"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10033"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/636-1/"
},
{
"source": "secalert@redhat.com",
"url": "https://www.exploit-db.com/exploits/6337"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.3.15.HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.4.8.HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://article.gmane.org/gmane.mail.postfix.announce/110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/938323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0839.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495474/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495882/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-2689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/636-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-21 19:30
Modified
2024-11-21 01:06
Severity ?
Summary
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postfix | postfix | 2.5.5 | |
| debian | debian_linux | 6.06 | |
| ubuntu | ubuntu_linux | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "894002C8-F3C1-4241-96FE-C088BBD0FCED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "67D47FA7-B5AF-4580-8BA7-8408D98D1F26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F22916E8-84BE-444D-9B99-199FE8E0F665",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files."
},
{
"lang": "es",
"value": "El script postfix.postinst en el paquete postfix v2.5.5 de Debian GNU/Linux y Ubuntu permite acceso de escritura al usuario postfix en /var/spool/postfix/pid, permitiendo a usuarios locales dirigir ataques de enlaces simb\u00f3licos que sobrescriban ficheros de su elecci\u00f3n."
}
],
"id": "CVE-2009-2939",
"lastModified": "2024-11-21T01:06:06.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-21T19:30:00.390",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2009/09/18/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2009/09/18/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-16 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/oss-sec/2017/q3/285 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.postfix.org/announcements/postfix-3.2.2.html | Vendor Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0366 | Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2017/q3/285 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.postfix.org/announcements/postfix-3.2.2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0366 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E46DED-C952-4EC2-8418-B94092708565",
"versionEndExcluding": "2.11.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5514620D-4D5B-4090-9462-13C7F6EC6FC1",
"versionEndExcluding": "3.0.10",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE1FAC6-6422-43D8-8981-08359639366B",
"versionEndExcluding": "3.1.6",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5C3C4E-E289-4F5E-A211-A9EE33EDE36E",
"versionEndExcluding": "3.2.2",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory."
},
{
"lang": "es",
"value": "Postfix, en versiones anteriores a la 2.11.10, versiones 3.0.x anteriores a la 3.0.10, versiones 3.1.x anteriores a la 3.1.6 y versiones 3.2.x anteriores a la 3.2.2, podr\u00eda permitir que usuarios locales obtengan privilegios aprovechando una funcionalidad no documentada en Berkeley DB, en versiones 2.x y posteriores. Esto est\u00e1 relacionado con la lectura de opciones de DB_CONFIG en el directorio actual."
}
],
"id": "CVE-2017-10140",
"lastModified": "2024-11-21T03:05:27.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-16T17:29:00.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2017/q3/285"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.postfix.org/announcements/postfix-3.2.2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2017/q3/285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.postfix.org/announcements/postfix-3.2.2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-01 14:55
Modified
2024-11-21 01:35
Severity ?
Summary
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23A80121-F089-4DE1-8086-7454D66E8FEA",
"versionEndIncluding": "2.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB5D16A3-59DA-407B-82E4-65C39EBD3710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5DF3A2-5F47-4D2A-802B-CE53872DDEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7A4BE9-7CBE-404F-B577-933AC26E6E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8872C496-2430-4EA6-B417-51C6877B874A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9646BA-E57D-4E1D-BF1A-FA137CA00ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "66B95D87-5B0B-48F6-8379-2521CFDE7CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A09799F5-6084-4F06-B851-4FEA7873BF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9230082E-FE88-4001-A614-43E8DD76471B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "258010A6-6B75-4663-AD5C-E7AD48B38DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "602E668A-1343-457B-B0E1-CAB3CCA05BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "83C3C7F7-016F-458B-B40D-E06080552045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FE51A934-BFD2-4E61-9827-A934995BDCAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF57DB8-3D17-4868-9FDF-81A0645FBC5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDE9CC6-A7C7-4B0E-A341-E441EF9C33FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7ECFA4-01CF-4C44-949D-7781767B724A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "A568A8FC-7BB0-431B-8BFE-1BF28DD545B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B2273956-8CEB-439E-8841-953580AE673D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9E074865-92E2-4AFC-8542-00273FDFACEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1274628A-B6F8-48DA-A7B0-7629362A0383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4FAE9B3D-C867-4100-9F1A-1A925E6BCA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "123ED520-D9A9-457E-B0FF-2164678F2FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F03CC36-4E01-4298-8BF2-208EC2126E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA763611-3C94-40EB-AC16-F6860FCBFDAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8725859-159E-49A5-91F2-12A6B300AE76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3B5347-F7FD-4291-8535-9D71F9F49568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2750F62-79D5-41ED-8624-4DC36A23A03D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D09CC9-07C8-42C7-B7B2-25251C8615A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F28A5B6A-466B-4B24-9BD4-9DE15642A724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E7B624-C991-4EA1-A977-6C06F57B4E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E899C1C0-18D1-43DE-BC55-C3C14F5395D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "05F2CA7C-1BCE-4EBB-BFAA-6C27F03CAC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "903BF741-FD7E-41F7-802D-88A09B7EFFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F0A444A-E6FE-4585-BA6C-6061A87C6144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "161082B7-A757-496C-9D35-681851CEA10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B02E2034-BB39-4B86-81CA-3BB93A4E4849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "29CF0FA6-F4F6-4A4B-89A6-057F835FFE89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0055B0EA-775F-4670-A3F9-C1676DBB97D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "363704AE-66A9-4B58-A57E-47748F299471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5226F933-9FB6-4BF6-AC3B-1A22D22F92F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0066AE84-D27D-4E9B-851B-40EDFD07C0BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2B739C7B-93CC-4367-B006-E8A721ECBCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE8A81E-3856-4908-B7B7-9CF511CA2A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B935272-1EC7-4C70-8299-9DC7594809EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1647690F-D015-4DC4-9FB7-F5E9F0C430D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Postfix Admin (tambi\u00e9n conocido como postfixadmin) anterior a 2.3.5 permiten a usuarios remotos autenticados ejecutar comandos SQL a trav\u00e9s de (1) el par\u00e1metro pw en la funci\u00f3n pacrypt, cuando mysql_encrypt est\u00e1 configurado, o (2) vectores no especificados que se utilizan en los ficheros de las copias de seguridad generados por backup.php."
}
],
"id": "CVE-2012-0811",
"lastModified": "2024-11-21T01:35:46.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-01T14:55:10.120",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.codseq.it/advisories/multiple_vulnerabilities_in_postfixadmin"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/01/26/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/01/27/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/51680"
},
{
"source": "secalert@redhat.com",
"url": "https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3/CHANGELOG.TXT"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.codseq.it/advisories/multiple_vulnerabilities_in_postfixadmin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/01/26/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/01/27/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3/CHANGELOG.TXT"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-13 17:05
Modified
2024-11-21 01:26
Severity ?
Summary
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB5D16A3-59DA-407B-82E4-65C39EBD3710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5DF3A2-5F47-4D2A-802B-CE53872DDEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7A4BE9-7CBE-404F-B577-933AC26E6E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8872C496-2430-4EA6-B417-51C6877B874A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9646BA-E57D-4E1D-BF1A-FA137CA00ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "66B95D87-5B0B-48F6-8379-2521CFDE7CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A09799F5-6084-4F06-B851-4FEA7873BF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9230082E-FE88-4001-A614-43E8DD76471B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "258010A6-6B75-4663-AD5C-E7AD48B38DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "602E668A-1343-457B-B0E1-CAB3CCA05BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "83C3C7F7-016F-458B-B40D-E06080552045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FE51A934-BFD2-4E61-9827-A934995BDCAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF57DB8-3D17-4868-9FDF-81A0645FBC5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDE9CC6-A7C7-4B0E-A341-E441EF9C33FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7ECFA4-01CF-4C44-949D-7781767B724A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "A568A8FC-7BB0-431B-8BFE-1BF28DD545B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B2273956-8CEB-439E-8841-953580AE673D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9E074865-92E2-4AFC-8542-00273FDFACEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1274628A-B6F8-48DA-A7B0-7629362A0383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4FAE9B3D-C867-4100-9F1A-1A925E6BCA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "123ED520-D9A9-457E-B0FF-2164678F2FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F03CC36-4E01-4298-8BF2-208EC2126E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA763611-3C94-40EB-AC16-F6860FCBFDAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8725859-159E-49A5-91F2-12A6B300AE76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3B5347-F7FD-4291-8535-9D71F9F49568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2750F62-79D5-41ED-8624-4DC36A23A03D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D09CC9-07C8-42C7-B7B2-25251C8615A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F28A5B6A-466B-4B24-9BD4-9DE15642A724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E7B624-C991-4EA1-A977-6C06F57B4E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E899C1C0-18D1-43DE-BC55-C3C14F5395D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "05F2CA7C-1BCE-4EBB-BFAA-6C27F03CAC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "903BF741-FD7E-41F7-802D-88A09B7EFFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F0A444A-E6FE-4585-BA6C-6061A87C6144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "161082B7-A757-496C-9D35-681851CEA10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B02E2034-BB39-4B86-81CA-3BB93A4E4849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "29CF0FA6-F4F6-4A4B-89A6-057F835FFE89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0055B0EA-775F-4670-A3F9-C1676DBB97D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "363704AE-66A9-4B58-A57E-47748F299471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5226F933-9FB6-4BF6-AC3B-1A22D22F92F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0066AE84-D27D-4E9B-851B-40EDFD07C0BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2B739C7B-93CC-4367-B006-E8A721ECBCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F08A3C19-AEB6-4E0C-A41D-01024DC0A25D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE8A81E-3856-4908-B7B7-9CF511CA2A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B935272-1EC7-4C70-8299-9DC7594809EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1647690F-D015-4DC4-9FB7-F5E9F0C430D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A814997B-A612-493F-AA85-BA5A187A91FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "449E9764-54F4-46F9-9E4D-F2C96EC5F37E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4A15A5-0994-4A3B-B4CD-1C5D9F411FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3FB858-1B20-450B-9181-A1FE1C2B9DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BBD449-6F03-4EFE-8C87-B5014F0381F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DEBD42EA-B31E-4E37-BF28-FEBB18369A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B92BCC42-6E9F-44CB-A755-004B6DBD9D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1B67A4AE-2C1C-49D6-9F53-05CAB51273E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7A64D948-9441-492F-B9E5-DE5D5A3D7266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7BCB67-AF9E-4343-827B-D783C71BAF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "265AD494-E5EB-423B-9C20-62BCB1C3B9B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B63D1C8C-6E55-43B1-9479-5CE7A917C501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "208C73B6-88AF-4D8D-A7BE-8AB4E1A4F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "11993437-8CE2-44A7-BEF8-D5F7410DCB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E13F9414-C71A-49A7-9A84-BC3151E95598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "546CC4D9-D2F4-4725-AD2D-200E6549BB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "998D1069-1CF5-42C5-8668-49D72E2D2F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2138A68-3F3D-4C7E-9FEB-2C8A445F2789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5E0EB5-ECC6-4573-9EA7-83E5741DA3CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "790C02A8-95DD-42BE-8A1C-1C6D6DDCC443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A0034F2-585D-4A98-8428-996A726712DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B162B5-DEF5-46AD-87D1-734B3B637D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF3730A-0FFD-4C23-B758-BBA67CC9CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10E8E5E2-5674-40D5-AD86-8C4DDB442EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "690EDC73-47B5-4891-86A5-37B6ED80E145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B751BA4B-B7C8-4A87-A03C-5C91678FC832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "08943D31-2139-45D3-A0DB-0C11C31875CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "591FB74F-BD86-4314-A359-739A245D2642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2EF7B2-943F-4DFA-8249-7FC0F9FB0312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3AFC1E-01FF-4F91-8C82-5C16378812C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "95E552B8-8B26-4DEE-BC6A-BC0B01C42474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66E26194-A7E6-4A99-8F55-7422A7E9BAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "58097735-FE3B-48B7-B5EA-3CD530E16031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA31260C-1C67-4E76-9F56-2359BFA0B197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58F1FC50-B6EB-48FD-A2FA-B8BEB05719DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DE90BD-B5F9-4762-B086-130AB04F3CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD5258B-C9DE-47BD-9172-27618F220201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC95B8DD-C8C6-4FC4-81A5-23D7669DA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "894002C8-F3C1-4241-96FE-C088BBD0FCED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C91BA7D1-2A5B-4721-8E13-6520D6F0114B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE79FBB-801F-4B1E-8FB8-CB2A1FAF6EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "253DB571-62B7-4015-A758-9DE55AAB8B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AF9D8C-B11C-4681-84CE-5C86926C85F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "955FBDF4-5103-4B19-A5F1-9468F73C7A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAC0FF5-9699-4011-8C07-5DDAF13B64A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1262ECC9-7496-4D6B-880E-6CA85EE5CD46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1E6461-2F2A-49C5-9B2B-08DE418F2F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B3F710-13EF-4A36-B191-E0FCC1D98E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB5988E-D04B-43B9-A980-82FD44D1D198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12A1021E-587D-47D3-80E8-43D9CCB4BD72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC9B923-222D-4F7F-970C-0B9ADF4E86F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D31B75AE-FF82-4B70-BDEC-4B0FA791A085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C148A9D5-8899-4956-BE45-C4DBD4A2BE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "558A2B97-6582-445F-991C-4DD530E991DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "56509587-6CE6-4497-B571-0A014E1FE064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1B24CEB4-4F57-46CB-990B-AB664CEC96EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5E40EEF8-F075-4B87-BDE7-C2D1A39B2F80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5044BFB-4F00-4FFC-9A66-2FDC666B6C2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "827897F6-2A24-45EC-A072-8C02BA726069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3CFD6A-86E2-4E7B-BAC2-3163FC7DBF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7705A10C-0BA3-4F04-B757-5890B6A2A860",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133B8398-2495-47CD-B140-5247ECE86EE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D14612B0-7F74-4ED6-89F9-A11ED75A577F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5F5C105E-B22B-48B4-8DC8-5B747792C102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method."
},
{
"lang": "es",
"value": "El servidor SMTP en Postfix anterior a v2.5.13, v2.6.x anterior a v2.6.10, v2.7.x anterior a v2.7.4, y v2.8.x anterior a v2.8.3, cuando ciertos m\u00e9todos Cyrus SASL de autenticaci\u00f3n son activados, no crea un nuevo manejador de servidor despu\u00e9s de que la autentificaci\u00f3n falle, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria libre y ca\u00edda de demonio) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a tra\u00b4ves de un comando AUTH no v\u00e1lido con un m\u00e9todo seguido por un comando AUTH con un m\u00e9todo diferente."
}
],
"id": "CVE-2011-1720",
"lastModified": "2024-11-21T01:26:52.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-13T17:05:43.207",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44500"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8247"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/727230"
},
{
"source": "cve@mitre.org",
"url": "http://www.mail-archive.com/postfix-announce%40postfix.org/msg00007.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:090"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/72259"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.postfix.org/CVE-2011-1720.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.postfix.org/announcements/postfix-2.8.3.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/517917/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/47778"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1025521"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-1131-1"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=699035"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/727230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/postfix-announce%40postfix.org/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/72259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.postfix.org/CVE-2011-1720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.postfix.org/announcements/postfix-2.8.3.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517917/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/47778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-1131-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=699035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67359"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-16 22:55
Modified
2024-11-21 01:23
Severity ?
Summary
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postfix | postfix | 2.4 | |
| postfix | postfix | 2.4.0 | |
| postfix | postfix | 2.4.1 | |
| postfix | postfix | 2.4.2 | |
| postfix | postfix | 2.4.3 | |
| postfix | postfix | 2.4.4 | |
| postfix | postfix | 2.4.5 | |
| postfix | postfix | 2.4.6 | |
| postfix | postfix | 2.4.7 | |
| postfix | postfix | 2.4.8 | |
| postfix | postfix | 2.4.9 | |
| postfix | postfix | 2.4.10 | |
| postfix | postfix | 2.4.11 | |
| postfix | postfix | 2.4.12 | |
| postfix | postfix | 2.4.13 | |
| postfix | postfix | 2.4.14 | |
| postfix | postfix | 2.4.15 | |
| postfix | postfix | 2.5.0 | |
| postfix | postfix | 2.5.1 | |
| postfix | postfix | 2.5.2 | |
| postfix | postfix | 2.5.3 | |
| postfix | postfix | 2.5.4 | |
| postfix | postfix | 2.5.5 | |
| postfix | postfix | 2.5.6 | |
| postfix | postfix | 2.5.7 | |
| postfix | postfix | 2.5.8 | |
| postfix | postfix | 2.5.9 | |
| postfix | postfix | 2.5.10 | |
| postfix | postfix | 2.5.11 | |
| postfix | postfix | 2.6 | |
| postfix | postfix | 2.6.0 | |
| postfix | postfix | 2.6.1 | |
| postfix | postfix | 2.6.2 | |
| postfix | postfix | 2.6.3 | |
| postfix | postfix | 2.6.4 | |
| postfix | postfix | 2.6.5 | |
| postfix | postfix | 2.6.6 | |
| postfix | postfix | 2.6.7 | |
| postfix | postfix | 2.6.8 | |
| postfix | postfix | 2.7.0 | |
| postfix | postfix | 2.7.1 | |
| postfix | postfix | 2.7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "998D1069-1CF5-42C5-8668-49D72E2D2F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2138A68-3F3D-4C7E-9FEB-2C8A445F2789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5E0EB5-ECC6-4573-9EA7-83E5741DA3CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "790C02A8-95DD-42BE-8A1C-1C6D6DDCC443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A0034F2-585D-4A98-8428-996A726712DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B162B5-DEF5-46AD-87D1-734B3B637D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF3730A-0FFD-4C23-B758-BBA67CC9CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10E8E5E2-5674-40D5-AD86-8C4DDB442EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "690EDC73-47B5-4891-86A5-37B6ED80E145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B751BA4B-B7C8-4A87-A03C-5C91678FC832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "08943D31-2139-45D3-A0DB-0C11C31875CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "591FB74F-BD86-4314-A359-739A245D2642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2EF7B2-943F-4DFA-8249-7FC0F9FB0312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3AFC1E-01FF-4F91-8C82-5C16378812C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "95E552B8-8B26-4DEE-BC6A-BC0B01C42474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66E26194-A7E6-4A99-8F55-7422A7E9BAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "58097735-FE3B-48B7-B5EA-3CD530E16031",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA31260C-1C67-4E76-9F56-2359BFA0B197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58F1FC50-B6EB-48FD-A2FA-B8BEB05719DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DE90BD-B5F9-4762-B086-130AB04F3CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD5258B-C9DE-47BD-9172-27618F220201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC95B8DD-C8C6-4FC4-81A5-23D7669DA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "894002C8-F3C1-4241-96FE-C088BBD0FCED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C91BA7D1-2A5B-4721-8E13-6520D6F0114B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE79FBB-801F-4B1E-8FB8-CB2A1FAF6EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "253DB571-62B7-4015-A758-9DE55AAB8B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AF9D8C-B11C-4681-84CE-5C86926C85F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "955FBDF4-5103-4B19-A5F1-9468F73C7A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAC0FF5-9699-4011-8C07-5DDAF13B64A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1E6461-2F2A-49C5-9B2B-08DE418F2F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B3F710-13EF-4A36-B191-E0FCC1D98E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB5988E-D04B-43B9-A980-82FD44D1D198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12A1021E-587D-47D3-80E8-43D9CCB4BD72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC9B923-222D-4F7F-970C-0B9ADF4E86F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D31B75AE-FF82-4B70-BDEC-4B0FA791A085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C148A9D5-8899-4956-BE45-C4DBD4A2BE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "558A2B97-6582-445F-991C-4DD530E991DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "56509587-6CE6-4497-B571-0A014E1FE064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1B24CEB4-4F57-46CB-990B-AB664CEC96EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5044BFB-4F00-4FFC-9A66-2FDC666B6C2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "827897F6-2A24-45EC-A072-8C02BA726069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3CFD6A-86E2-4E7B-BAC2-3163FC7DBF17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de STARTTLS de Postfix 2.4.x anteriores a 2.4.16, 2.5.x anteriores a 2.5.12, 2.6.x anteriores a 2.6.9, y 2.7.x anteriores a 2.7.3 no restringe apropiadamente el buffering de I/O, lo que permite a atacantes man-in-the-middle insertar comandos en sesiones SMTP encriptadas enviando un comando en texto claro que es procesado despu\u00e9s de que TLS es iniciado. Relacionado con un ataque de \"inyecci\u00f3n de comandos de texto en claro\"."
}
],
"id": "CVE-2011-0411",
"lastModified": "2024-11-21T01:23:54.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-16T22:55:02.717",
"references": [
{
"source": "cret@cert.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "cret@cert.org",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43646"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/43874"
},
{
"source": "cret@cert.org",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"source": "cret@cert.org",
"url": "http://securitytracker.com/id?1025179"
},
{
"source": "cret@cert.org",
"url": "http://support.apple.com/kb/HT5002"
},
{
"source": "cret@cert.org",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"source": "cret@cert.org",
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
},
{
"source": "cret@cert.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/71021"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"source": "cret@cert.org",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"source": "cret@cert.org",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT5002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/71021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-24 12:15
Modified
2024-11-21 04:59
Severity ?
Summary
A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/sender_login feature is used, because a spoofed outbound message that uses a configured sender address is blocked with a "Sender address rejected: not logged in" error message, but a spoofed outbound message that uses a homoglyph of a configured sender address is not blocked. NOTE: some third parties argue that any missed blocking of spoofed outbound messages - except for exact matches to a sender address in the /etc/postfix/sender_login file - is outside the design goals of Postfix and thus cannot be considered a Postfix vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.openwall.com/lists/oss-security/2020/04/23/12 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.openwall.com/lists/oss-security/2020/04/23/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2020/04/23/12 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2020/04/23/3 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C851CA35-20A6-4D1E-8473-7FDFBB2F633B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \\xce\\xbf to the \u0027o\u0027 character. This is potentially relevant when the /etc/postfix/sender_login feature is used, because a spoofed outbound message that uses a configured sender address is blocked with a \"Sender address rejected: not logged in\" error message, but a spoofed outbound message that uses a homoglyph of a configured sender address is not blocked. NOTE: some third parties argue that any missed blocking of spoofed outbound messages - except for exact matches to a sender address in the /etc/postfix/sender_login file - is outside the design goals of Postfix and thus cannot be considered a Postfix vulnerability"
},
{
"lang": "es",
"value": "** EN DISPUTA ** Un determinado paquete Postfix versi\u00f3n 2.10.1-7, podr\u00eda permitir a un atacante enviar un correo electr\u00f3nico desde un remitente de aspecto arbitrario por medio de un ataque de Homoglifo, como es demostrado por la similitud de \\xce\\xbf con el car\u00e1cter \"o\". Esto es potencialmente relevante cuando es usada la funcionalidad /etc/postfix/sender_login, porque un mensaje saliente falso que usa una direcci\u00f3n de remitente configurada es bloqueado con un mensaje de error \"Sender address rejected: not logged in\", pero un mensaje saliente falso que usa un homoglifo de una direcci\u00f3n de remitente configurada no es bloqueado. NOTA: Algunos terceros sostienen que cualquier bloqueo omitido de mensajes salientes falsos - excepto por coincidencias exactas con una direcci\u00f3n del remitente en el archivo de /etc/postfix/sender_login - est\u00e1 fuera de los objetivos de dise\u00f1o de Postfix y, por lo tanto, no puede ser considerada una vulnerabilidad de Postfix."
}
],
"id": "CVE-2020-12063",
"lastModified": "2024-11-21T04:59:12.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-24T12:15:12.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/04/23/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/04/23/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/04/23/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/04/23/3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-24 05:15
Modified
2024-11-21 08:38
Severity ?
Summary
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postfix | postfix | * | |
| postfix | postfix | * | |
| postfix | postfix | * | |
| postfix | postfix | * | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0598FFA3-9DB8-4D01-9049-3834B6B53000",
"versionEndExcluding": "3.5.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AD4364D-F93C-499E-8ECA-5228354D20B6",
"versionEndExcluding": "3.6.13",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7174307B-1249-47B5-BE66-9194AC26BA15",
"versionEndExcluding": "3.7.9",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A422C34-3E0E-4C3F-8EA9-4F442D88057D",
"versionEndExcluding": "3.8.4",
"versionStartIncluding": "3.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports \u003cLF\u003e.\u003cCR\u003e\u003cLF\u003e but some other popular e-mail servers do not. To prevent attack variants (by always disallowing \u003cLF\u003e without \u003cCR\u003e), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9."
},
{
"lang": "es",
"value": "Postfix hasta 3.8.4 permite el contrabando SMTP a menos que se configure con smtpd_data_restrictions=reject_unauth_pipelining (u otras opciones que existen en versiones recientes). Los atacantes remotos pueden utilizar una t\u00e9cnica de explotaci\u00f3n publicada para inyectar mensajes de correo electr\u00f3nico que parecen originarse en el servidor Postfix, lo que permite omitir un mecanismo de protecci\u00f3n SPF. Esto ocurre porque Postfix admite . pero algunos otros servidores de correo electr\u00f3nico populares no lo hacen. Para evitar variantes de ataque (al no permitir siempre sin ), se requiere una soluci\u00f3n diferente: la opci\u00f3n smtpd_forbid_bare_newline=yes con una versi\u00f3n m\u00ednima de Postfix de 3.5.23, 3.6.13, 3.7.9, 3.8.4, o 3.9."
}
],
"id": "CVE-2023-51764",
"lastModified": "2024-11-21T08:38:44.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-24T05:15:08.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/25/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2024/05/09/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-51764"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255563"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/duy-31/CVE-2023-51764"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/eeenvik1/CVE-2023-51764"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ5WXFCW2N6G2PH3JXDTYW5PH5EBQEGO/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRLF5SOS7TP5N7FQSEK2NFNB44ISVTZC/"
},
{
"source": "cve@mitre.org",
"url": "https://lwn.net/Articles/956533/"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/"
},
{
"source": "cve@mitre.org",
"url": "https://www.openwall.com/lists/oss-security/2024/01/22/1"
},
{
"source": "cve@mitre.org",
"url": "https://www.postfix.org/announcements/postfix-3.8.5.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.postfix.org/smtp-smuggling.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.youtube.com/watch?v=V8KPV96g1To"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/05/09/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-51764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/duy-31/CVE-2023-51764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/eeenvik1/CVE-2023-51764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ5WXFCW2N6G2PH3JXDTYW5PH5EBQEGO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRLF5SOS7TP5N7FQSEK2NFNB44ISVTZC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lwn.net/Articles/956533/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.openwall.com/lists/oss-security/2024/01/22/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.postfix.org/announcements/postfix-3.8.5.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.postfix.org/smtp-smuggling.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.youtube.com/watch?v=V8KPV96g1To"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-06 15:55
Modified
2024-11-21 00:52
Severity ?
Summary
postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DE90BD-B5F9-4762-B086-130AB04F3CB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating \"This is not a real issue ... users would have to edit a script under /usr/lib to enable it."
},
{
"lang": "es",
"value": "** CUESTIONADA ** postfix_groups.pl en Postfix v2.5.2 permite a usuarios locales sobrescribir ficheros a su elecci\u00f3n a trav\u00e9s de un ataque de enlace simulado en los ficheros temporales (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, y (3) /tmp/postfix_groups.message. NOTA: El vendedor ha impugnado esta vulnerabilidad, argumentando que \"Este no es un problema real...los usuarios deber\u00edan realizar una secuencia de comandos bajo /usr/lib para poder hacerlo\"."
}
],
"id": "CVE-2008-4977",
"lastModified": "2024-11-21T00:52:58.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-06T15:55:52.103",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/496401"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/postfix"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/496401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/postfix"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235811"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of postfix as shipped with Red Hat Enterprise Linux 3, 4, or 5. Mentioned script is not part of the official postfix distribution and is not included in Red Hat Enterprise Linux postfix packages.",
"lastModified": "2008-11-06T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-18 19:41
Modified
2024-11-21 00:48
Severity ?
Summary
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA31260C-1C67-4E76-9F56-2359BFA0B197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58F1FC50-B6EB-48FD-A2FA-B8BEB05719DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DE90BD-B5F9-4762-B086-130AB04F3CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD5258B-C9DE-47BD-9172-27618F220201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B3F710-13EF-4A36-B191-E0FCC1D98E23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user\u0027s account name."
},
{
"lang": "es",
"value": "Postfix 2.5 anterior a 2.5.4 y 2.6 anterior a 2.6-20080814 env\u00eda a un archivo buz\u00f3n incluso cuando este archivo no es propiedad del receptor, lo que permite a usuarios locales leer mensajes de correo creando un archivo buz\u00f3n correspondiente con el nombre de cuenta de otro usuario."
}
],
"evaluatorComment": "Please refer to the following links for additional version information (vendor release notes):\r\n\r\nPostfix 2.5 - ftp://mirrors.loonybin.net/pub/postfix/official/postfix-2.5.4.RELEASE_NOTES\r\n\r\nPostfix 2.6 - ftp://mirrors.loonybin.net/pub/postfix/experimental/postfix-2.6-20080814.RELEASE_NOTES",
"id": "CVE-2008-2937",
"lastModified": "2024-11-21T00:48:03.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-18T19:41:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
},
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
},
{
"source": "secalert@redhat.com",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31477"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31485"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31500"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32231"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30691"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2385"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-2689"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-2689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=456347\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/",
"lastModified": "2008-08-19T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2008-4977
Vulnerability from cvelistv5
Published
2008-11-06 11:00
Modified
2024-09-17 00:50
Severity ?
EPSS score ?
Summary
postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2008/10/30/2 | mailing-list, x_refsource_MLIST | |
| https://bugs.gentoo.org/show_bug.cgi?id=235770 | x_refsource_MISC | |
| http://dev.gentoo.org/~rbu/security/debiantemp/postfix | x_refsource_MISC | |
| http://bugs.debian.org/496401 | x_refsource_MISC | |
| https://bugs.gentoo.org/show_bug.cgi?id=235811 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:28.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/postfix"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/496401"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235811"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating \"This is not a real issue ... users would have to edit a script under /usr/lib to enable it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-06T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/postfix"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/496401"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235811"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating \"This is not a real issue ... users would have to edit a script under /usr/lib to enable it.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/postfix",
"refsource": "MISC",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/postfix"
},
{
"name": "http://bugs.debian.org/496401",
"refsource": "MISC",
"url": "http://bugs.debian.org/496401"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235811",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235811"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4977",
"datePublished": "2008-11-06T11:00:00Z",
"dateReserved": "2008-11-06T00:00:00Z",
"dateUpdated": "2024-09-17T00:50:31.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12063
Vulnerability from cvelistv5
Published
2020-04-24 11:59
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/sender_login feature is used, because a spoofed outbound message that uses a configured sender address is blocked with a "Sender address rejected: not logged in" error message, but a spoofed outbound message that uses a homoglyph of a configured sender address is not blocked. NOTE: some third parties argue that any missed blocking of spoofed outbound messages - except for exact matches to a sender address in the /etc/postfix/sender_login file - is outside the design goals of Postfix and thus cannot be considered a Postfix vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2020/04/23/3 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2020/04/23/12 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/04/23/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/04/23/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \\xce\\xbf to the \u0027o\u0027 character. This is potentially relevant when the /etc/postfix/sender_login feature is used, because a spoofed outbound message that uses a configured sender address is blocked with a \"Sender address rejected: not logged in\" error message, but a spoofed outbound message that uses a homoglyph of a configured sender address is not blocked. NOTE: some third parties argue that any missed blocking of spoofed outbound messages - except for exact matches to a sender address in the /etc/postfix/sender_login file - is outside the design goals of Postfix and thus cannot be considered a Postfix vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-24T12:05:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/04/23/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/04/23/12"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \\xce\\xbf to the \u0027o\u0027 character. This is potentially relevant when the /etc/postfix/sender_login feature is used, because a spoofed outbound message that uses a configured sender address is blocked with a \"Sender address rejected: not logged in\" error message, but a spoofed outbound message that uses a homoglyph of a configured sender address is not blocked. NOTE: some third parties argue that any missed blocking of spoofed outbound messages - except for exact matches to a sender address in the /etc/postfix/sender_login file - is outside the design goals of Postfix and thus cannot be considered a Postfix vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/04/23/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/04/23/3"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/04/23/12",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/04/23/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12063",
"datePublished": "2020-04-24T11:59:03",
"dateReserved": "2020-04-22T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10140
Vulnerability from cvelistv5
Published
2018-04-16 16:00
Modified
2024-08-05 17:33
Severity ?
EPSS score ?
Summary
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2017/q3/285 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2019:0366 | vendor-advisory, x_refsource_REDHAT | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| http://www.postfix.org/announcements/postfix-3.2.2.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:33:16.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-sec] 20170611 Berkeley DB reads DB_CONFIG from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2017/q3/285"
},
{
"name": "RHSA-2019:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postfix.org/announcements/postfix-3.2.2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T17:34:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-sec] 20170611 Berkeley DB reads DB_CONFIG from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2017/q3/285"
},
{
"name": "RHSA-2019:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postfix.org/announcements/postfix-3.2.2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-sec] 20170611 Berkeley DB reads DB_CONFIG from cwd",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q3/285"
},
{
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "http://www.postfix.org/announcements/postfix-3.2.2.html",
"refsource": "CONFIRM",
"url": "http://www.postfix.org/announcements/postfix-3.2.2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10140",
"datePublished": "2018-04-16T16:00:00",
"dateReserved": "2017-06-21T00:00:00",
"dateUpdated": "2024-08-05T17:33:16.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2939
Vulnerability from cvelistv5
Published
2009-09-21 19:00
Modified
2024-08-07 06:07
Severity ?
EPSS score ?
Summary
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2009/09/18/6 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2011/dsa-2233 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090918 Insecure pid directory permissions for postfix on Debian / Ubuntu",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/09/18/6"
},
{
"name": "DSA-2233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2233"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090918 Insecure pid directory permissions for postfix on Debian / Ubuntu",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/09/18/6"
},
{
"name": "DSA-2233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2233"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090918 Insecure pid directory permissions for postfix on Debian / Ubuntu",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/09/18/6"
},
{
"name": "DSA-2233",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2233"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2939",
"datePublished": "2009-09-21T19:00:00",
"dateReserved": "2009-08-23T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2937
Vulnerability from cvelistv5
Published
2008-08-18 19:00
Modified
2024-08-07 09:21
Severity ?
EPSS score ?
Summary
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2008-8595",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
},
{
"name": "32231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32231"
},
{
"name": "MDVSA-2009:224",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
},
{
"name": "FEDORA-2008-8593",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2689"
},
{
"name": "20080821 rPSA-2008-0259-1 postfix",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
},
{
"name": "postfix-email-information-disclosure(44461)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461"
},
{
"name": "30691",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
},
{
"name": "SUSE-SA:2008:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
},
{
"name": "RHSA-2011:0422",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
},
{
"name": "31500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31500"
},
{
"name": "31477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31477"
},
{
"name": "31485",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31485"
},
{
"name": "ADV-2008-2385",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2385"
},
{
"name": "GLSA-200808-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user\u0027s account name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2008-8595",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
},
{
"name": "32231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32231"
},
{
"name": "MDVSA-2009:224",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:224"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
},
{
"name": "FEDORA-2008-8593",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2689"
},
{
"name": "20080821 rPSA-2008-0259-1 postfix",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
},
{
"name": "postfix-email-information-disclosure(44461)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44461"
},
{
"name": "30691",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
},
{
"name": "SUSE-SA:2008:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
},
{
"name": "RHSA-2011:0422",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
},
{
"name": "31500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31500"
},
{
"name": "31477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31477"
},
{
"name": "31485",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31485"
},
{
"name": "ADV-2008-2385",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2385"
},
{
"name": "GLSA-200808-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-2937",
"datePublished": "2008-08-18T19:00:00",
"dateReserved": "2008-06-30T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0411
Vulnerability from cvelistv5
Published
2011-03-16 22:00
Modified
2024-08-06 21:51
Severity ?
EPSS score ?
Summary
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "multiple-starttls-command-execution(65932)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "43646",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43646"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "71021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/71021"
},
{
"name": "ADV-2011-0752",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"name": "ADV-2011-0891",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"name": "GLSA-201206-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "FEDORA-2011-3355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"name": "43874",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43874"
},
{
"name": "FEDORA-2011-3394",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0611",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"name": "46767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "RHSA-2011:0423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"name": "VU#555316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "1025179",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025179"
},
{
"name": "RHSA-2011:0422",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "[oss-security] 20210810 STARTTLS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T11:07:06",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "multiple-starttls-command-execution(65932)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "43646",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43646"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "71021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/71021"
},
{
"name": "ADV-2011-0752",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"name": "ADV-2011-0891",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"name": "GLSA-201206-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "FEDORA-2011-3355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"name": "43874",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43874"
},
{
"name": "FEDORA-2011-3394",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0611",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"name": "46767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "RHSA-2011:0423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"name": "VU#555316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "1025179",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025179"
},
{
"name": "RHSA-2011:0422",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "[oss-security] 20210810 STARTTLS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "multiple-starttls-command-execution(65932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"name": "http://www.postfix.org/CVE-2011-0411.html",
"refsource": "CONFIRM",
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "43646",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43646"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "71021",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71021"
},
{
"name": "ADV-2011-0752",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"name": "ADV-2011-0891",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"name": "GLSA-201206-33",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "FEDORA-2011-3355",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"name": "43874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43874"
},
{
"name": "FEDORA-2011-3394",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0611",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"name": "46767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "RHSA-2011:0423",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"name": "VU#555316",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "1025179",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025179"
},
{
"name": "RHSA-2011:0422",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "[oss-security] 20210810 STARTTLS vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-0411",
"datePublished": "2011-03-16T22:00:00",
"dateReserved": "2011-01-11T00:00:00",
"dateUpdated": "2024-08-06T21:51:08.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2936
Vulnerability from cvelistv5
Published
2008-08-18 19:00
Modified
2024-08-07 09:21
Severity ?
EPSS score ?
Summary
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2008-8595",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.3.15.HISTORY"
},
{
"name": "32231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32231"
},
{
"name": "31469",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31469"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
},
{
"name": "DSA-1629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1629"
},
{
"name": "31530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31530"
},
{
"name": "FEDORA-2008-8593",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2689"
},
{
"name": "1020700",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020700"
},
{
"name": "20080821 rPSA-2008-0259-1 postfix",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
},
{
"name": "VU#938323",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/938323"
},
{
"name": "[postfix-announce] 20080814 Postfix local privilege escalation via hardlinked symlinks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.mail.postfix.announce/110"
},
{
"name": "4160",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4160"
},
{
"name": "30691",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
},
{
"name": "SUSE-SA:2008:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
},
{
"name": "31474",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31474"
},
{
"name": "20080831 PoCfix (PoC for Postfix local root vuln - CVE-2008-2936)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495882/100/0/threaded"
},
{
"name": "postfix-symlink-code-execution(44460)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44460"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.4.8.HISTORY"
},
{
"name": "6337",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6337"
},
{
"name": "RHSA-2008:0839",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0839.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
},
{
"name": "31500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31500"
},
{
"name": "oval:org.mitre.oval:def:10033",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10033"
},
{
"name": "31477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31477"
},
{
"name": "31485",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31485"
},
{
"name": "USN-636-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/636-1/"
},
{
"name": "MDVSA-2008:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:171"
},
{
"name": "20080814 Postfix local privilege escalation via hardlinked symlinks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495474/100/0/threaded"
},
{
"name": "ADV-2008-2385",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2385"
},
{
"name": "GLSA-200808-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2008-8595",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.3.15.HISTORY"
},
{
"name": "32231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32231"
},
{
"name": "31469",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31469"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY"
},
{
"name": "DSA-1629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1629"
},
{
"name": "31530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31530"
},
{
"name": "FEDORA-2008-8593",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2689"
},
{
"name": "1020700",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020700"
},
{
"name": "20080821 rPSA-2008-0259-1 postfix",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded"
},
{
"name": "VU#938323",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/938323"
},
{
"name": "[postfix-announce] 20080814 Postfix local privilege escalation via hardlinked symlinks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.mail.postfix.announce/110"
},
{
"name": "4160",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4160"
},
{
"name": "30691",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259"
},
{
"name": "SUSE-SA:2008:040",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html"
},
{
"name": "31474",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31474"
},
{
"name": "20080831 PoCfix (PoC for Postfix local root vuln - CVE-2008-2936)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495882/100/0/threaded"
},
{
"name": "postfix-symlink-code-execution(44460)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44460"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.4.8.HISTORY"
},
{
"name": "6337",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6337"
},
{
"name": "RHSA-2008:0839",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0839.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY"
},
{
"name": "31500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31500"
},
{
"name": "oval:org.mitre.oval:def:10033",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10033"
},
{
"name": "31477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31477"
},
{
"name": "31485",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31485"
},
{
"name": "USN-636-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/636-1/"
},
{
"name": "MDVSA-2008:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:171"
},
{
"name": "20080814 Postfix local privilege escalation via hardlinked symlinks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495474/100/0/threaded"
},
{
"name": "ADV-2008-2385",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2385"
},
{
"name": "GLSA-200808-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-12.xml"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-2936",
"datePublished": "2008-08-18T19:00:00",
"dateReserved": "2008-06-30T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0811
Vulnerability from cvelistv5
Published
2014-10-01 14:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/51680 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2012/01/26/5 | mailing-list, x_refsource_MLIST | |
| http://www.codseq.it/advisories/multiple_vulnerabilities_in_postfixadmin | x_refsource_MISC | |
| https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3/CHANGELOG.TXT | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/01/27/5 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51680",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51680"
},
{
"name": "[oss-security] 20120126 CVE request: PostfixAdmin SQL injections and XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/26/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.codseq.it/advisories/multiple_vulnerabilities_in_postfixadmin"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3/CHANGELOG.TXT"
},
{
"name": "[oss-security] 20120127 Re: CVE request: PostfixAdmin SQL injections and XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/27/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-01T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "51680",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51680"
},
{
"name": "[oss-security] 20120126 CVE request: PostfixAdmin SQL injections and XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/26/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.codseq.it/advisories/multiple_vulnerabilities_in_postfixadmin"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3/CHANGELOG.TXT"
},
{
"name": "[oss-security] 20120127 Re: CVE request: PostfixAdmin SQL injections and XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/27/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51680"
},
{
"name": "[oss-security] 20120126 CVE request: PostfixAdmin SQL injections and XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/26/5"
},
{
"name": "http://www.codseq.it/advisories/multiple_vulnerabilities_in_postfixadmin",
"refsource": "MISC",
"url": "http://www.codseq.it/advisories/multiple_vulnerabilities_in_postfixadmin"
},
{
"name": "https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3/CHANGELOG.TXT",
"refsource": "CONFIRM",
"url": "https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3/CHANGELOG.TXT"
},
{
"name": "[oss-security] 20120127 Re: CVE request: PostfixAdmin SQL injections and XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/27/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0811",
"datePublished": "2014-10-01T14:00:00",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:14.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-51764
Vulnerability from cvelistv5
Published
2023-12-24 00:00
Modified
2024-08-02 22:48
Severity ?
EPSS score ?
Summary
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:11.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.postfix.org/smtp-smuggling.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/"
},
{
"name": "[oss-security] 20231224 Re: Re: New SMTP smuggling attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/24/1"
},
{
"name": "[oss-security] 20231225 Re: Re: New SMTP smuggling attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/25/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255563"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-51764"
},
{
"tags": [
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eeenvik1/CVE-2023-51764"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/duy-31/CVE-2023-51764"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=V8KPV96g1To"
},
{
"name": "FEDORA-2024-c839e7294f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRLF5SOS7TP5N7FQSEK2NFNB44ISVTZC/"
},
{
"name": "FEDORA-2024-5c186175f2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ5WXFCW2N6G2PH3JXDTYW5PH5EBQEGO/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lwn.net/Articles/956533/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/22/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.postfix.org/announcements/postfix-3.8.5.html"
},
{
"name": "[debian-lts-announce] 20240130 [SECURITY] [DLA 3725-1] postfix security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00020.html"
},
{
"name": "[oss-security] 20240508 Re: New SMTP smuggling attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/09/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports \u003cLF\u003e.\u003cCR\u003e\u003cLF\u003e but some other popular e-mail servers do not. To prevent attack variants (by always disallowing \u003cLF\u003e without \u003cCR\u003e), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:07:59.991035",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.postfix.org/smtp-smuggling.html"
},
{
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/"
},
{
"name": "[oss-security] 20231224 Re: Re: New SMTP smuggling attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/24/1"
},
{
"name": "[oss-security] 20231225 Re: Re: New SMTP smuggling attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/25/1"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255563"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-51764"
},
{
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html"
},
{
"url": "https://github.com/eeenvik1/CVE-2023-51764"
},
{
"url": "https://github.com/duy-31/CVE-2023-51764"
},
{
"url": "https://www.youtube.com/watch?v=V8KPV96g1To"
},
{
"name": "FEDORA-2024-c839e7294f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRLF5SOS7TP5N7FQSEK2NFNB44ISVTZC/"
},
{
"name": "FEDORA-2024-5c186175f2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ5WXFCW2N6G2PH3JXDTYW5PH5EBQEGO/"
},
{
"url": "https://lwn.net/Articles/956533/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/01/22/1"
},
{
"url": "https://www.postfix.org/announcements/postfix-3.8.5.html"
},
{
"name": "[debian-lts-announce] 20240130 [SECURITY] [DLA 3725-1] postfix security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00020.html"
},
{
"name": "[oss-security] 20240508 Re: New SMTP smuggling attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/09/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51764",
"datePublished": "2023-12-24T00:00:00",
"dateReserved": "2023-12-24T00:00:00",
"dateUpdated": "2024-08-02T22:48:11.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3889
Vulnerability from cvelistv5
Published
2008-09-12 16:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31986",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31986"
},
{
"name": "FEDORA-2008-8595",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
},
{
"name": "32231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32231"
},
{
"name": "20080916 [Suspected Spam][CVE-2008-4042] Postfix Linux-only local denial of service - PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496420/100/0/threaded"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31982"
},
{
"name": "USN-642-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-642-1"
},
{
"name": "30977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30977"
},
{
"name": "FEDORA-2008-8593",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
},
{
"name": "31800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31800"
},
{
"name": "postfix-filedescriptor-dos(44865)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44865"
},
{
"name": "4239",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4239"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "GLSA-200809-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-09.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wekk.net/research/CVE-2008-3889/"
},
{
"name": "31716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31716"
},
{
"name": "6472",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6472"
},
{
"name": "MDVSA-2008:190",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:190"
},
{
"name": "1020800",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postfix.org/announcements/20080902.html"
},
{
"name": "20081104 rPSA-2008-0311-1 postfix",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498037/100/0/threaded"
},
{
"name": "20080902 Postfix Linux-only local denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495894/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0311"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of \"non-Postfix\" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31986",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31986"
},
{
"name": "FEDORA-2008-8595",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
},
{
"name": "32231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32231"
},
{
"name": "20080916 [Suspected Spam][CVE-2008-4042] Postfix Linux-only local denial of service - PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496420/100/0/threaded"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31982"
},
{
"name": "USN-642-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-642-1"
},
{
"name": "30977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30977"
},
{
"name": "FEDORA-2008-8593",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
},
{
"name": "31800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31800"
},
{
"name": "postfix-filedescriptor-dos(44865)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44865"
},
{
"name": "4239",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4239"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "GLSA-200809-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-09.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wekk.net/research/CVE-2008-3889/"
},
{
"name": "31716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31716"
},
{
"name": "6472",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6472"
},
{
"name": "MDVSA-2008:190",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:190"
},
{
"name": "1020800",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postfix.org/announcements/20080902.html"
},
{
"name": "20081104 rPSA-2008-0311-1 postfix",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498037/100/0/threaded"
},
{
"name": "20080902 Postfix Linux-only local denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495894/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0311"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of \"non-Postfix\" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31986",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31986"
},
{
"name": "FEDORA-2008-8595",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html"
},
{
"name": "32231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32231"
},
{
"name": "20080916 [Suspected Spam][CVE-2008-4042] Postfix Linux-only local denial of service - PoC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496420/100/0/threaded"
},
{
"name": "31982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31982"
},
{
"name": "USN-642-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-642-1"
},
{
"name": "30977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30977"
},
{
"name": "FEDORA-2008-8593",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html"
},
{
"name": "31800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31800"
},
{
"name": "postfix-filedescriptor-dos(44865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44865"
},
{
"name": "4239",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4239"
},
{
"name": "SUSE-SR:2008:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "GLSA-200809-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200809-09.xml"
},
{
"name": "http://www.wekk.net/research/CVE-2008-3889/",
"refsource": "MISC",
"url": "http://www.wekk.net/research/CVE-2008-3889/"
},
{
"name": "31716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31716"
},
{
"name": "6472",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6472"
},
{
"name": "MDVSA-2008:190",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:190"
},
{
"name": "1020800",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020800"
},
{
"name": "http://www.postfix.org/announcements/20080902.html",
"refsource": "CONFIRM",
"url": "http://www.postfix.org/announcements/20080902.html"
},
{
"name": "20081104 rPSA-2008-0311-1 postfix",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498037/100/0/threaded"
},
{
"name": "20080902 Postfix Linux-only local denial of service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495894/100/0/threaded"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0311",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0311"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3889",
"datePublished": "2008-09-12T16:00:00",
"dateReserved": "2008-09-02T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1720
Vulnerability from cvelistv5
Published
2011-05-13 17:00
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110509 Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517917/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postfix.org/CVE-2011-1720.html"
},
{
"name": "44500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44500"
},
{
"name": "47778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47778"
},
{
"name": "GLSA-201206-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "72259",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/72259"
},
{
"name": "VU#727230",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/727230"
},
{
"name": "1025521",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025521"
},
{
"name": "[postfix-announce] 20110509 Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/postfix-announce%40postfix.org/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postfix.org/announcements/postfix-2.8.3.html"
},
{
"name": "8247",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8247"
},
{
"name": "SUSE-SA:2011:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=699035"
},
{
"name": "MDVSA-2011:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:090"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "USN-1131-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-1131-1"
},
{
"name": "postfix-cyrus-sasl-code-exec(67359)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20110509 Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517917/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postfix.org/CVE-2011-1720.html"
},
{
"name": "44500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44500"
},
{
"name": "47778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47778"
},
{
"name": "GLSA-201206-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "72259",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/72259"
},
{
"name": "VU#727230",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/727230"
},
{
"name": "1025521",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025521"
},
{
"name": "[postfix-announce] 20110509 Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/postfix-announce%40postfix.org/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postfix.org/announcements/postfix-2.8.3.html"
},
{
"name": "8247",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8247"
},
{
"name": "SUSE-SA:2011:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=699035"
},
{
"name": "MDVSA-2011:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:090"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "USN-1131-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-1131-1"
},
{
"name": "postfix-cyrus-sasl-code-exec(67359)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67359"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110509 Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517917/100/0/threaded"
},
{
"name": "http://www.postfix.org/CVE-2011-1720.html",
"refsource": "CONFIRM",
"url": "http://www.postfix.org/CVE-2011-1720.html"
},
{
"name": "44500",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44500"
},
{
"name": "47778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47778"
},
{
"name": "GLSA-201206-33",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "72259",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/72259"
},
{
"name": "VU#727230",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/727230"
},
{
"name": "1025521",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025521"
},
{
"name": "[postfix-announce] 20110509 Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/postfix-announce@postfix.org/msg00007.html"
},
{
"name": "http://www.postfix.org/announcements/postfix-2.8.3.html",
"refsource": "CONFIRM",
"url": "http://www.postfix.org/announcements/postfix-2.8.3.html"
},
{
"name": "8247",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8247"
},
{
"name": "SUSE-SA:2011:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00002.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=699035",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=699035"
},
{
"name": "MDVSA-2011:090",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:090"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "USN-1131-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-1131-1"
},
{
"name": "postfix-cyrus-sasl-code-exec(67359)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67359"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1720",
"datePublished": "2011-05-13T17:00:00",
"dateReserved": "2011-04-18T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}