CVE-2011-0411

Summary

CVE	CVE-2011-0411
State	PUBLISHED
Assigner	certcc
Source Priority	CVE Program / NVD first with legacy fallback
Published	2011-03-16 22:55:02 UTC
Updated	2026-04-29 01:13:23 UTC
Description	The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

Risk And Classification

Primary CVSS: v2.0 6.8 from [email protected]

AV:N/AC:M/Au:N/C:P/I:P/A:P

Problem Types: CWE-264 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Postfix	Postfix	2.4	All	All	All
Application	Postfix	Postfix	2.4.0	All	All	All
Application	Postfix	Postfix	2.4.1	All	All	All
Application	Postfix	Postfix	2.4.10	All	All	All
Application	Postfix	Postfix	2.4.11	All	All	All
Application	Postfix	Postfix	2.4.12	All	All	All
Application	Postfix	Postfix	2.4.13	All	All	All
Application	Postfix	Postfix	2.4.14	All	All	All
Application	Postfix	Postfix	2.4.15	All	All	All
Application	Postfix	Postfix	2.4.2	All	All	All
Application	Postfix	Postfix	2.4.3	All	All	All
Application	Postfix	Postfix	2.4.4	All	All	All
Application	Postfix	Postfix	2.4.5	All	All	All
Application	Postfix	Postfix	2.4.6	All	All	All
Application	Postfix	Postfix	2.4.7	All	All	All
Application	Postfix	Postfix	2.4.8	All	All	All
Application	Postfix	Postfix	2.4.9	All	All	All
Application	Postfix	Postfix	2.5.0	All	All	All
Application	Postfix	Postfix	2.5.1	All	All	All
Application	Postfix	Postfix	2.5.10	All	All	All
Application	Postfix	Postfix	2.5.11	All	All	All
Application	Postfix	Postfix	2.5.2	All	All	All
Application	Postfix	Postfix	2.5.3	All	All	All
Application	Postfix	Postfix	2.5.4	All	All	All
Application	Postfix	Postfix	2.5.5	All	All	All
Application	Postfix	Postfix	2.5.6	All	All	All
Application	Postfix	Postfix	2.5.7	All	All	All
Application	Postfix	Postfix	2.5.8	All	All	All
Application	Postfix	Postfix	2.5.9	All	All	All
Application	Postfix	Postfix	2.6	All	All	All
Application	Postfix	Postfix	2.6.0	All	All	All
Application	Postfix	Postfix	2.6.1	All	All	All
Application	Postfix	Postfix	2.6.2	All	All	All
Application	Postfix	Postfix	2.6.3	All	All	All
Application	Postfix	Postfix	2.6.4	All	All	All
Application	Postfix	Postfix	2.6.5	All	All	All
Application	Postfix	Postfix	2.6.6	All	All	All
Application	Postfix	Postfix	2.6.7	All	All	All
Application	Postfix	Postfix	2.6.8	All	All	All
Application	Postfix	Postfix	2.7.0	All	All	All
Application	Postfix	Postfix	2.7.1	All	All	All
Application	Postfix	Postfix	2.7.2	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Postfix "STARTTLS" Plaintext Injection Vulnerability - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Postfix Information for VU#555316	af854a3a-2127-422b-91ae-364da2661108	www.kb.cert.org	US Government Resource
Fedora update for postfix - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Plaintext command injection in multiple implementations of STARTTLS (CVE-2011-0411)	af854a3a-2127-422b-91ae-364da2661108	www.postfix.org	Exploit, Vendor Advisory
[security-announce] SUSE Security Summary Report: SUSE-SR:2011:009	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
Gentoo Linux Documentation -- Postfix: Multiple vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org
APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com
[SECURITY] Fedora 13 Update: postfix-2.7.3-1.fc13	af854a3a-2127-422b-91ae-364da2661108	lists.fedoraproject.org
[SECURITY] Fedora 14 Update: postfix-2.7.3-1.fc14	af854a3a-2127-422b-91ae-364da2661108	lists.fedoraproject.org
Postfix Plaintext to TLS Switching Error Lets Remote Users Inject Plaintext Commands - SecurityTracker	af854a3a-2127-422b-91ae-364da2661108	securitytracker.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Vendor Advisory
Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
www.osvdb.org/71021	af854a3a-2127-422b-91ae-364da2661108	www.osvdb.org
About the security content of OS X Lion v10.7.2 and Security Update 2011-006	af854a3a-2127-422b-91ae-364da2661108	support.apple.com
US-CERT Vulnerability Note VU#555316 - STARTTLS plaintext command injection vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.kb.cert.org	US Government Resource
oss-security - STARTTLS vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.openwall.com
Debian -- Security Information -- DSA-2233-1 postfix	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView	af854a3a-2127-422b-91ae-364da2661108	kb.juniper.net
Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
cpuapr2011	af854a3a-2127-422b-91ae-364da2661108	www.oracle.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.