CVE-2011-0411 (GCVE-0-2011-0411)
Vulnerability from cvelistv5 – Published: 2011-03-16 22:00 – Updated: 2024-08-06 21:51 – n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "multiple-starttls-command-execution(65932)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "43646",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43646"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "71021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/71021"
},
{
"name": "ADV-2011-0752",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"name": "ADV-2011-0891",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"name": "GLSA-201206-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "FEDORA-2011-3355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"name": "43874",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43874"
},
{
"name": "FEDORA-2011-3394",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0611",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"name": "46767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "RHSA-2011:0423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"name": "VU#555316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "1025179",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025179"
},
{
"name": "RHSA-2011:0422",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "[oss-security] 20210810 STARTTLS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T11:07:06.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "multiple-starttls-command-execution(65932)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "43646",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43646"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "71021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/71021"
},
{
"name": "ADV-2011-0752",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"name": "ADV-2011-0891",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"name": "GLSA-201206-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "FEDORA-2011-3355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"name": "43874",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43874"
},
{
"name": "FEDORA-2011-3394",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0611",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"name": "46767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "RHSA-2011:0423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"name": "VU#555316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "1025179",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025179"
},
{
"name": "RHSA-2011:0422",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "[oss-security] 20210810 STARTTLS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "multiple-starttls-command-execution(65932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"name": "http://www.postfix.org/CVE-2011-0411.html",
"refsource": "CONFIRM",
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "43646",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43646"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "71021",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71021"
},
{
"name": "ADV-2011-0752",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"name": "ADV-2011-0891",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"name": "GLSA-201206-33",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "FEDORA-2011-3355",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"name": "43874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43874"
},
{
"name": "FEDORA-2011-3394",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0611",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"name": "46767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "RHSA-2011:0423",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"name": "VU#555316",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "1025179",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025179"
},
{
"name": "RHSA-2011:0422",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "[oss-security] 20210810 STARTTLS vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-0411",
"datePublished": "2011-03-16T22:00:00.000Z",
"dateReserved": "2011-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:51:08.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2011-0411\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2011-03-16T22:55:02.717\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \\\"plaintext command injection\\\" attack.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n de STARTTLS de Postfix 2.4.x anteriores a 2.4.16, 2.5.x anteriores a 2.5.12, 2.6.x anteriores a 2.6.9, y 2.7.x anteriores a 2.7.3 no restringe apropiadamente el buffering de I/O, lo que permite a atacantes man-in-the-middle insertar comandos en sesiones SMTP encriptadas enviando un comando en texto claro que es procesado despu\u00e9s de que TLS es iniciado. 
Relacionado con un ataque de \\\"inyecci\u00f3n de comandos de texto en claro\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"998D1069-1CF5-42C5-8668-49D72E2D2F17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2138A68-3F3D-4C7E-9FEB-2C8A445F2789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED5E0EB5-ECC6-4573-9EA7-83E5741DA3CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790C02A8-95DD-42BE-8A1C-1C6D6DDCC443\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0034F2-585D-4A98-8428-996A726712DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B162B5-DEF5-46AD-87D1-734B3B637D46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DF3730A-0FFD-4C23-B758-BBA67CC9CD92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*\
",\"matchCriteriaId\":\"10E8E5E2-5674-40D5-AD86-8C4DDB442EE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"690EDC73-47B5-4891-86A5-37B6ED80E145\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B751BA4B-B7C8-4A87-A03C-5C91678FC832\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08943D31-2139-45D3-A0DB-0C11C31875CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"591FB74F-BD86-4314-A359-739A245D2642\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F2EF7B2-943F-4DFA-8249-7FC0F9FB0312\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B3AFC1E-01FF-4F91-8C82-5C16378812C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95E552B8-8B26-4DEE-BC6A-BC0B01C42474\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66E26194-A7E6-4A99-8F55-7422A7E9BAB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58097735-FE3B-48B7-B5EA-3CD530E16031\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA31260C-1C67-4E76-9F56-2359BFA0B197\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F1FC50-B6EB-48FD-A2FA-B8BEB05719DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1DE90BD-B5F9-4762-B086-130AB04F3CB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCD5
258B-C9DE-47BD-9172-27618F220201\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC95B8DD-C8C6-4FC4-81A5-23D7669DA22A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"894002C8-F3C1-4241-96FE-C088BBD0FCED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C91BA7D1-2A5B-4721-8E13-6520D6F0114B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBE79FBB-801F-4B1E-8FB8-CB2A1FAF6EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253DB571-62B7-4015-A758-9DE55AAB8B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7AF9D8C-B11C-4681-84CE-5C86926C85F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"955FBDF4-5103-4B19-A5F1-9468F73C7A54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AAC0FF5-9699-4011-8C07-5DDAF13B64A4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D1E6461-2F2A-49C5-9B2B-08DE418F2F7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5B3F710-13EF-4A36-B191-E0FCC1D98E23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFB5988E-D04B-43B9-A980-82FD44D1D198\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12A1021E-587D-47D3-80E8-43D9CCB4BD72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAC9B923-222D-4F7F-970C-0B9ADF4E86F6\"
},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D31B75AE-FF82-4B70-BDEC-4B0FA791A085\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C148A9D5-8899-4956-BE45-C4DBD4A2BE08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"558A2B97-6582-445F-991C-4DD530E991DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56509587-6CE6-4497-B571-0A014E1FE064\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B24CEB4-4F57-46CB-990B-AB664CEC96EE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5044BFB-4F00-4FFC-9A66-2FDC666B6C2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"827897F6-2A24-45EC-A072-8C02BA726069\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A3CFD6A-86E2-4E7B-BAC2-3163FC7DBF17\"}]}]}],\"references\":[{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\",\"source\":\"cret@cert.org\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/43646\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://secunia.com/advisories/43874\",\"source\":\"cret@cert.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201206-33.xml\",\"source\":\"cret@cert.org\"},{\"url\":\"http://securitytracker.com/id?1025179\",\"source\":\"cret@cert.org\"},{\"url\":\"http://support.apple.com/kb/HT5002\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2233\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/555316\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/MORO-8ELH6Z\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/08/10/2\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.osvdb.org/71021\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.postfix.org/CVE-2011-0411.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0422.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0423.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securityfocus.com/bid/46767\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0611\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0752\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0891\",\"source\":\"cret@cert.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65932\",\"source\":\"cret@cert.org\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43646\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/43874\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201206-33.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1025179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT5002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/555316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/MORO-8ELH6Z\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government 
Resource\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/08/10/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/71021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.postfix.org/CVE-2011-0411.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0422.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0423.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/46767\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0611\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0752\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0891\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2011:0422
Vulnerability from csaf_redhat - Published: 2011-04-06 22:56 - Updated: 2026-01-13 21:06
CVE-2008-2937: Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
CVE-2011-0411: The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated postfix packages that fix two security issues are now available for\nRed Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),\nand TLS.\n\nIt was discovered that Postfix did not flush the received SMTP commands\nbuffer after switching to TLS encryption for an SMTP session. A\nman-in-the-middle attacker could use this flaw to inject SMTP commands into\na victim\u0027s session during the plain text phase. This would lead to those\ncommands being processed by Postfix after TLS encryption is enabled,\npossibly allowing the attacker to steal the victim\u0027s mail or authentication\ncredentials. (CVE-2011-0411)\n\nIt was discovered that Postfix did not properly check the permissions of\nusers\u0027 mailbox files. A local attacker able to create files in the mail\nspool directory could use this flaw to create mailbox files for other local\nusers, and be able to read mail delivered to those users. (CVE-2008-2937)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2011-0411, and\nSebastian Krahmer of the SuSE Security Team for reporting CVE-2008-2937.\nThe CERT/CC acknowledges Wietse Venema as the original reporter of\nCVE-2011-0411.\n\nUsers of Postfix are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing this\nupdate, the postfix service will be restarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2011:0422",
"url": "https://access.redhat.com/errata/RHSA-2011:0422"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "456347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456347"
},
{
"category": "external",
"summary": "674814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0422.json"
}
],
"title": "Red Hat Security Advisory: postfix security update",
"tracking": {
"current_release_date": "2026-01-13T21:06:19+00:00",
"generator": {
"date": "2026-01-13T21:06:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2011:0422",
"initial_release_date": "2011-04-06T22:56:00+00:00",
"revision_history": [
{
"date": "2011-04-06T22:56:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2011-04-06T18:59:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T21:06:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5.6.z server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"product": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"product_id": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.3.3-2.2.el5_6?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"product": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"product_id": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.3.3-2.2.el5_6?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.3.3-2.2.el5_6.ia64",
"product": {
"name": "postfix-2:2.3.3-2.2.el5_6.ia64",
"product_id": "postfix-2:2.3.3-2.2.el5_6.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.3.3-2.2.el5_6?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.ia64",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.ia64",
"product_id": "postfix-2:2.2.10-1.4.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"product": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"product_id": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.2.10-1.4.el4?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"product": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"product_id": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.2.10-1.4.el4?arch=ia64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"product": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"product_id": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.3.3-2.2.el5_6?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"product": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"product_id": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.3.3-2.2.el5_6?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.3.3-2.2.el5_6.ppc",
"product": {
"name": "postfix-2:2.3.3-2.2.el5_6.ppc",
"product_id": "postfix-2:2.3.3-2.2.el5_6.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.3.3-2.2.el5_6?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.ppc",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.ppc",
"product_id": "postfix-2:2.2.10-1.4.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"product": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"product_id": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.2.10-1.4.el4?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"product": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"product_id": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.2.10-1.4.el4?arch=ppc\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"product": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"product_id": "postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.3.3-2.2.el5_6?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"product": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"product_id": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.3.3-2.2.el5_6?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.3.3-2.2.el5_6.s390x",
"product": {
"name": "postfix-2:2.3.3-2.2.el5_6.s390x",
"product_id": "postfix-2:2.3.3-2.2.el5_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.3.3-2.2.el5_6?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.s390x",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.s390x",
"product_id": "postfix-2:2.2.10-1.4.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"product": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"product_id": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.2.10-1.4.el4?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"product": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"product_id": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.2.10-1.4.el4?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"product": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"product_id": "postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.3.3-2.2.el5_6?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64",
"product": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64",
"product_id": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.3.3-2.2.el5_6?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.3.3-2.2.el5_6.x86_64",
"product": {
"name": "postfix-2:2.3.3-2.2.el5_6.x86_64",
"product_id": "postfix-2:2.3.3-2.2.el5_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.3.3-2.2.el5_6?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.x86_64",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.x86_64",
"product_id": "postfix-2:2.2.10-1.4.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"product": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"product_id": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.2.10-1.4.el4?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"product": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"product_id": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.2.10-1.4.el4?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"product": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"product_id": "postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.3.3-2.2.el5_6?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"product": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"product_id": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.3.3-2.2.el5_6?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.3.3-2.2.el5_6.i386",
"product": {
"name": "postfix-2:2.3.3-2.2.el5_6.i386",
"product_id": "postfix-2:2.3.3-2.2.el5_6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.3.3-2.2.el5_6?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.i386",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.i386",
"product_id": "postfix-2:2.2.10-1.4.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"product": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"product_id": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.2.10-1.4.el4?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"product": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"product_id": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.2.10-1.4.el4?arch=i386\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-2:2.3.3-2.2.el5_6.src",
"product": {
"name": "postfix-2:2.3.3-2.2.el5_6.src",
"product_id": "postfix-2:2.3.3-2.2.el5_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.3.3-2.2.el5_6?arch=src\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.src",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.src",
"product_id": "postfix-2:2.2.10-1.4.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.s390",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.s390",
"product_id": "postfix-2:2.2.10-1.4.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=s390\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"product": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"product_id": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.2.10-1.4.el4?arch=s390\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"product": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"product_id": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.2.10-1.4.el4?arch=s390\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.src"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.src"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.src"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.src"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.3.3-2.2.el5_6.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386"
},
"product_reference": "postfix-2:2.3.3-2.2.el5_6.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.3.3-2.2.el5_6.ia64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64"
},
"product_reference": "postfix-2:2.3.3-2.2.el5_6.ia64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.3.3-2.2.el5_6.ppc as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc"
},
"product_reference": "postfix-2:2.3.3-2.2.el5_6.ppc",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.3.3-2.2.el5_6.s390x as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x"
},
"product_reference": "postfix-2:2.3.3-2.2.el5_6.s390x",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.3.3-2.2.el5_6.src as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src"
},
"product_reference": "postfix-2:2.3.3-2.2.el5_6.src",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.3.3-2.2.el5_6.x86_64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64"
},
"product_reference": "postfix-2:2.3.3-2.2.el5_6.x86_64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386"
},
"product_reference": "postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64"
},
"product_reference": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc"
},
"product_reference": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x"
},
"product_reference": "postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386"
},
"product_reference": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64"
},
"product_reference": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc"
},
"product_reference": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x"
},
"product_reference": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
},
"product_reference": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64",
"relates_to_product_reference": "5Server-5.6.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sebastian Krahmer"
],
"organization": "SuSE Security Team"
}
],
"cve": "CVE-2008-2937",
"discovery_date": "2008-07-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456347"
}
],
"notes": [
{
"category": "description",
"text": "Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user\u0027s account name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postfix improper mailbox permissions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:postfix-2:2.2.10-1.4.el4.i386",
"4AS:postfix-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-2:2.2.10-1.4.el4.s390",
"4AS:postfix-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-2:2.2.10-1.4.el4.src",
"4AS:postfix-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-2:2.2.10-1.4.el4.src",
"4Desktop:postfix-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-2:2.2.10-1.4.el4.i386",
"4ES:postfix-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-2:2.2.10-1.4.el4.s390",
"4ES:postfix-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-2:2.2.10-1.4.el4.src",
"4ES:postfix-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-2:2.2.10-1.4.el4.i386",
"4WS:postfix-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-2:2.2.10-1.4.el4.s390",
"4WS:postfix-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-2:2.2.10-1.4.el4.src",
"4WS:postfix-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2937"
},
{
"category": "external",
"summary": "RHBZ#456347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456347"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2937",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2937"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2937",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2937"
}
],
"release_date": "2008-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-04-06T22:56:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"4AS:postfix-2:2.2.10-1.4.el4.i386",
"4AS:postfix-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-2:2.2.10-1.4.el4.s390",
"4AS:postfix-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-2:2.2.10-1.4.el4.src",
"4AS:postfix-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-2:2.2.10-1.4.el4.src",
"4Desktop:postfix-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-2:2.2.10-1.4.el4.i386",
"4ES:postfix-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-2:2.2.10-1.4.el4.s390",
"4ES:postfix-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-2:2.2.10-1.4.el4.src",
"4ES:postfix-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-2:2.2.10-1.4.el4.i386",
"4WS:postfix-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-2:2.2.10-1.4.el4.s390",
"4WS:postfix-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-2:2.2.10-1.4.el4.src",
"4WS:postfix-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0422"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS:postfix-2:2.2.10-1.4.el4.i386",
"4AS:postfix-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-2:2.2.10-1.4.el4.s390",
"4AS:postfix-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-2:2.2.10-1.4.el4.src",
"4AS:postfix-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-2:2.2.10-1.4.el4.src",
"4Desktop:postfix-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-2:2.2.10-1.4.el4.i386",
"4ES:postfix-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-2:2.2.10-1.4.el4.s390",
"4ES:postfix-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-2:2.2.10-1.4.el4.src",
"4ES:postfix-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-2:2.2.10-1.4.el4.i386",
"4WS:postfix-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-2:2.2.10-1.4.el4.s390",
"4WS:postfix-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-2:2.2.10-1.4.el4.src",
"4WS:postfix-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "postfix improper mailbox permissions"
},
{
"acknowledgments": [
{
"names": [
"CERT/CC"
]
}
],
"cve": "CVE-2011-0411",
"discovery_date": "2011-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "674814"
}
],
"notes": [
{
"category": "description",
"text": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postfix: SMTP commands injection during plaintext to TLS session switch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affected postfix packages in Red Hat Enterprise Linux 4, 5, and 6. It was corrected via RHSA-2011:0422 and RHSA-2011:0423.\n\nThis issue did not affect the versions of sendmail as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, nor the versions of exim as shipped with Red Hat Enterprise Linux 4 and 5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:postfix-2:2.2.10-1.4.el4.i386",
"4AS:postfix-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-2:2.2.10-1.4.el4.s390",
"4AS:postfix-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-2:2.2.10-1.4.el4.src",
"4AS:postfix-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-2:2.2.10-1.4.el4.src",
"4Desktop:postfix-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-2:2.2.10-1.4.el4.i386",
"4ES:postfix-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-2:2.2.10-1.4.el4.s390",
"4ES:postfix-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-2:2.2.10-1.4.el4.src",
"4ES:postfix-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-2:2.2.10-1.4.el4.i386",
"4WS:postfix-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-2:2.2.10-1.4.el4.s390",
"4WS:postfix-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-2:2.2.10-1.4.el4.src",
"4WS:postfix-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-0411"
},
{
"category": "external",
"summary": "RHBZ#674814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0411",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0411"
}
],
"release_date": "2011-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-04-06T22:56:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"4AS:postfix-2:2.2.10-1.4.el4.i386",
"4AS:postfix-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-2:2.2.10-1.4.el4.s390",
"4AS:postfix-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-2:2.2.10-1.4.el4.src",
"4AS:postfix-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-2:2.2.10-1.4.el4.src",
"4Desktop:postfix-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-2:2.2.10-1.4.el4.i386",
"4ES:postfix-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-2:2.2.10-1.4.el4.s390",
"4ES:postfix-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-2:2.2.10-1.4.el4.src",
"4ES:postfix-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-2:2.2.10-1.4.el4.i386",
"4WS:postfix-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-2:2.2.10-1.4.el4.s390",
"4WS:postfix-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-2:2.2.10-1.4.el4.src",
"4WS:postfix-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0422"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS:postfix-2:2.2.10-1.4.el4.i386",
"4AS:postfix-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-2:2.2.10-1.4.el4.s390",
"4AS:postfix-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-2:2.2.10-1.4.el4.src",
"4AS:postfix-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-2:2.2.10-1.4.el4.src",
"4Desktop:postfix-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-2:2.2.10-1.4.el4.i386",
"4ES:postfix-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-2:2.2.10-1.4.el4.s390",
"4ES:postfix-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-2:2.2.10-1.4.el4.src",
"4ES:postfix-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-2:2.2.10-1.4.el4.i386",
"4WS:postfix-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-2:2.2.10-1.4.el4.s390",
"4WS:postfix-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-2:2.2.10-1.4.el4.src",
"4WS:postfix-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postfix: SMTP commands injection during plaintext to TLS session switch"
}
]
}
RHSA-2011:0423
Vulnerability from csaf_redhat - Published: 2011-04-06 23:08 - Updated: 2026-01-13 21:06

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated postfix packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),\nand TLS.\n\nIt was discovered that Postfix did not flush the received SMTP commands\nbuffer after switching to TLS encryption for an SMTP session. A\nman-in-the-middle attacker could use this flaw to inject SMTP commands into\na victim\u0027s session during the plain text phase. This would lead to those\ncommands being processed by Postfix after TLS encryption is enabled,\npossibly allowing the attacker to steal the victim\u0027s mail or authentication\ncredentials. (CVE-2011-0411)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2011-0411. The\nCERT/CC acknowledges Wietse Venema as the original reporter.\n\nUsers of Postfix are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing this\nupdate, the postfix service will be restarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2011:0423",
"url": "https://access.redhat.com/errata/RHSA-2011:0423"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "674814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0423.json"
}
],
"title": "Red Hat Security Advisory: postfix security update",
"tracking": {
"current_release_date": "2026-01-13T21:06:20+00:00",
"generator": {
"date": "2026-01-13T21:06:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2011:0423",
"initial_release_date": "2011-04-06T23:08:00+00:00",
"revision_history": [
{
"date": "2011-04-06T23:08:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2011-04-06T19:11:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T21:06:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"product": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"product_id": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.6.6-2.1.el6_0?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"product": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"product_id": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-perl-scripts@2.6.6-2.1.el6_0?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.6.6-2.1.el6_0.i686",
"product": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686",
"product_id": "postfix-2:2.6.6-2.1.el6_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.6.6-2.1.el6_0?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"product": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"product_id": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.6.6-2.1.el6_0?arch=ppc64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"product": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"product_id": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-perl-scripts@2.6.6-2.1.el6_0?arch=ppc64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"product": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"product_id": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.6.6-2.1.el6_0?arch=ppc64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"product": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"product_id": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.6.6-2.1.el6_0?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"product": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"product_id": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-perl-scripts@2.6.6-2.1.el6_0?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.6.6-2.1.el6_0.s390x",
"product": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x",
"product_id": "postfix-2:2.6.6-2.1.el6_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.6.6-2.1.el6_0?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"product": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"product_id": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.6.6-2.1.el6_0?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"product": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"product_id": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-perl-scripts@2.6.6-2.1.el6_0?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"product": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"product_id": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.6.6-2.1.el6_0?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-2:2.6.6-2.1.el6_0.src",
"product": {
"name": "postfix-2:2.6.6-2.1.el6_0.src",
"product_id": "postfix-2:2.6.6-2.1.el6_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.6.6-2.1.el6_0?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Workstation"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"CERT/CC"
]
}
],
"cve": "CVE-2011-0411",
"discovery_date": "2011-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "674814"
}
],
"notes": [
{
"category": "description",
"text": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postfix: SMTP commands injection during plaintext to TLS session switch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affected postfix packages in Red Hat Enterprise Linux 4, 5, and 6. It was corrected via RHSA-2011:0422 and RHSA-2011:0423.\n\nThis issue did not affect the versions of sendmail as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, and the versions of exim as shipped with Red Hat Enterprise Linux 4 and 5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-2:2.6.6-2.1.el6_0.src",
"6Client:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.src",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-2:2.6.6-2.1.el6_0.src",
"6Server:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.src",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-0411"
},
{
"category": "external",
"summary": "RHBZ#674814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0411",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0411"
}
],
"release_date": "2011-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-04-06T23:08:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-2:2.6.6-2.1.el6_0.src",
"6Client:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.src",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-2:2.6.6-2.1.el6_0.src",
"6Server:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.src",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0423"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-2:2.6.6-2.1.el6_0.src",
"6Client:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.src",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-2:2.6.6-2.1.el6_0.src",
"6Server:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.src",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postfix: SMTP commands injection during plaintext to TLS session switch"
}
]
}
GSD-2011-0411
Vulnerability from gsd - Updated: 2023-12-13 01:19
{
"GSD": {
"alias": "CVE-2011-0411",
"description": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.",
"id": "GSD-2011-0411",
"references": [
"https://www.suse.com/security/cve/CVE-2011-0411.html",
"https://www.debian.org/security/2011/dsa-2233",
"https://access.redhat.com/errata/RHSA-2011:0423",
"https://access.redhat.com/errata/RHSA-2011:0422",
"https://linux.oracle.com/cve/CVE-2011-0411.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-0411"
],
"details": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.",
"id": "GSD-2011-0411",
"modified": "2023-12-13T01:19:04.149135Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "multiple-starttls-command-execution(65932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"name": "http://www.postfix.org/CVE-2011-0411.html",
"refsource": "CONFIRM",
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "43646",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43646"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "71021",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71021"
},
{
"name": "ADV-2011-0752",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"name": "ADV-2011-0891",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"name": "GLSA-201206-33",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "FEDORA-2011-3355",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"name": "43874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43874"
},
{
"name": "FEDORA-2011-3394",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0611",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"name": "46767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "RHSA-2011:0423",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"name": "VU#555316",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "1025179",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025179"
},
{
"name": "RHSA-2011:0422",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "[oss-security] 20210810 STARTTLS vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0411"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43646",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43646"
},
{
"name": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z",
"refsource": "CONFIRM",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"name": "VU#555316",
"refsource": "CERT-VN",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "46767",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "ADV-2011-0611",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"name": "71021",
"refsource": "OSVDB",
"tags": [],
"url": "http://www.osvdb.org/71021"
},
{
"name": "1025179",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1025179"
},
{
"name": "http://www.postfix.org/CVE-2011-0411.html",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "FEDORA-2011-3355",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"name": "FEDORA-2011-3394",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"name": "ADV-2011-0752",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"name": "43874",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/43874"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "ADV-2011-0891",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"name": "RHSA-2011:0423",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"name": "DSA-2233",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "RHSA-2011:0422",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "GLSA-201206-33",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"tags": [],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "multiple-starttls-command-execution(65932)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"name": "[oss-security] 20210810 STARTTLS vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2021-08-10T12:15Z",
"publishedDate": "2011-03-16T22:55Z"
}
}
}
FKIE_CVE-2011-0411
Vulnerability from fkie_nvd - Published: 2011-03-16 22:55 - Updated: 2025-04-11 00:51

| | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
| cret@cert.org | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | ||
| cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html | ||
| cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html | ||
| cret@cert.org | http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | ||
| cret@cert.org | http://secunia.com/advisories/43646 | Vendor Advisory | |
| cret@cert.org | http://secunia.com/advisories/43874 | ||
| cret@cert.org | http://security.gentoo.org/glsa/glsa-201206-33.xml | ||
| cret@cert.org | http://securitytracker.com/id?1025179 | ||
| cret@cert.org | http://support.apple.com/kb/HT5002 | ||
| cret@cert.org | http://www.debian.org/security/2011/dsa-2233 | ||
| cret@cert.org | http://www.kb.cert.org/vuls/id/555316 | US Government Resource | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/MORO-8ELH6Z | US Government Resource | |
| cret@cert.org | http://www.openwall.com/lists/oss-security/2021/08/10/2 | ||
| cret@cert.org | http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html | ||
| cret@cert.org | http://www.osvdb.org/71021 | ||
| cret@cert.org | http://www.postfix.org/CVE-2011-0411.html | Exploit, Vendor Advisory | |
| cret@cert.org | http://www.redhat.com/support/errata/RHSA-2011-0422.html | ||
| cret@cert.org | http://www.redhat.com/support/errata/RHSA-2011-0423.html | ||
| cret@cert.org | http://www.securityfocus.com/bid/46767 | ||
| cret@cert.org | http://www.vupen.com/english/advisories/2011/0611 | Vendor Advisory | |
| cret@cert.org | http://www.vupen.com/english/advisories/2011/0752 | ||
| cret@cert.org | http://www.vupen.com/english/advisories/2011/0891 | ||
| cret@cert.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/65932 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43646 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43874 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201206-33.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025179 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5002 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2233 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/555316 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/MORO-8ELH6Z | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/08/10/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/71021 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.postfix.org/CVE-2011-0411.html | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0422.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0423.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46767 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0611 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0752 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0891 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/65932 |
| Vendor | Product | Version | |
|---|---|---|---|
| postfix | postfix | 2.4 | |
| postfix | postfix | 2.4.0 | |
| postfix | postfix | 2.4.1 | |
| postfix | postfix | 2.4.2 | |
| postfix | postfix | 2.4.3 | |
| postfix | postfix | 2.4.4 | |
| postfix | postfix | 2.4.5 | |
| postfix | postfix | 2.4.6 | |
| postfix | postfix | 2.4.7 | |
| postfix | postfix | 2.4.8 | |
| postfix | postfix | 2.4.9 | |
| postfix | postfix | 2.4.10 | |
| postfix | postfix | 2.4.11 | |
| postfix | postfix | 2.4.12 | |
| postfix | postfix | 2.4.13 | |
| postfix | postfix | 2.4.14 | |
| postfix | postfix | 2.4.15 | |
| postfix | postfix | 2.5.0 | |
| postfix | postfix | 2.5.1 | |
| postfix | postfix | 2.5.2 | |
| postfix | postfix | 2.5.3 | |
| postfix | postfix | 2.5.4 | |
| postfix | postfix | 2.5.5 | |
| postfix | postfix | 2.5.6 | |
| postfix | postfix | 2.5.7 | |
| postfix | postfix | 2.5.8 | |
| postfix | postfix | 2.5.9 | |
| postfix | postfix | 2.5.10 | |
| postfix | postfix | 2.5.11 | |
| postfix | postfix | 2.6 | |
| postfix | postfix | 2.6.0 | |
| postfix | postfix | 2.6.1 | |
| postfix | postfix | 2.6.2 | |
| postfix | postfix | 2.6.3 | |
| postfix | postfix | 2.6.4 | |
| postfix | postfix | 2.6.5 | |
| postfix | postfix | 2.6.6 | |
| postfix | postfix | 2.6.7 | |
| postfix | postfix | 2.6.8 | |
| postfix | postfix | 2.7.0 | |
| postfix | postfix | 2.7.1 | |
| postfix | postfix | 2.7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "998D1069-1CF5-42C5-8668-49D72E2D2F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2138A68-3F3D-4C7E-9FEB-2C8A445F2789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5E0EB5-ECC6-4573-9EA7-83E5741DA3CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "790C02A8-95DD-42BE-8A1C-1C6D6DDCC443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A0034F2-585D-4A98-8428-996A726712DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B162B5-DEF5-46AD-87D1-734B3B637D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF3730A-0FFD-4C23-B758-BBA67CC9CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10E8E5E2-5674-40D5-AD86-8C4DDB442EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "690EDC73-47B5-4891-86A5-37B6ED80E145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B751BA4B-B7C8-4A87-A03C-5C91678FC832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "08943D31-2139-45D3-A0DB-0C11C31875CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "591FB74F-BD86-4314-A359-739A245D2642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2EF7B2-943F-4DFA-8249-7FC0F9FB0312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3AFC1E-01FF-4F91-8C82-5C16378812C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "95E552B8-8B26-4DEE-BC6A-BC0B01C42474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66E26194-A7E6-4A99-8F55-7422A7E9BAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "58097735-FE3B-48B7-B5EA-3CD530E16031",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA31260C-1C67-4E76-9F56-2359BFA0B197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58F1FC50-B6EB-48FD-A2FA-B8BEB05719DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DE90BD-B5F9-4762-B086-130AB04F3CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD5258B-C9DE-47BD-9172-27618F220201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC95B8DD-C8C6-4FC4-81A5-23D7669DA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "894002C8-F3C1-4241-96FE-C088BBD0FCED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C91BA7D1-2A5B-4721-8E13-6520D6F0114B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE79FBB-801F-4B1E-8FB8-CB2A1FAF6EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "253DB571-62B7-4015-A758-9DE55AAB8B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AF9D8C-B11C-4681-84CE-5C86926C85F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "955FBDF4-5103-4B19-A5F1-9468F73C7A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAC0FF5-9699-4011-8C07-5DDAF13B64A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1E6461-2F2A-49C5-9B2B-08DE418F2F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B3F710-13EF-4A36-B191-E0FCC1D98E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB5988E-D04B-43B9-A980-82FD44D1D198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12A1021E-587D-47D3-80E8-43D9CCB4BD72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC9B923-222D-4F7F-970C-0B9ADF4E86F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D31B75AE-FF82-4B70-BDEC-4B0FA791A085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C148A9D5-8899-4956-BE45-C4DBD4A2BE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "558A2B97-6582-445F-991C-4DD530E991DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "56509587-6CE6-4497-B571-0A014E1FE064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1B24CEB4-4F57-46CB-990B-AB664CEC96EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5044BFB-4F00-4FFC-9A66-2FDC666B6C2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "827897F6-2A24-45EC-A072-8C02BA726069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3CFD6A-86E2-4E7B-BAC2-3163FC7DBF17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de STARTTLS de Postfix 2.4.x anteriores a 2.4.16, 2.5.x anteriores a 2.5.12, 2.6.x anteriores a 2.6.9, y 2.7.x anteriores a 2.7.3 no restringe apropiadamente el buffering de I/O, lo que permite a atacantes man-in-the-middle insertar comandos en sesiones SMTP encriptadas enviando un comando en texto claro que es procesado despu\u00e9s de que TLS es iniciado. Relacionado con un ataque de \"inyecci\u00f3n de comandos de texto en claro\"."
}
],
"id": "CVE-2011-0411",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-16T22:55:02.717",
"references": [
{
"source": "cret@cert.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "cret@cert.org",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43646"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/43874"
},
{
"source": "cret@cert.org",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"source": "cret@cert.org",
"url": "http://securitytracker.com/id?1025179"
},
{
"source": "cret@cert.org",
"url": "http://support.apple.com/kb/HT5002"
},
{
"source": "cret@cert.org",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"source": "cret@cert.org",
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
},
{
"source": "cret@cert.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/71021"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"source": "cret@cert.org",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"source": "cret@cert.org",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT5002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/71021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
OPENSUSE-SU-2024:10318-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "pure-ftpd-1.0.43-1.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the pure-ftpd-1.0.43-1.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10318",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10318-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-0411 page",
"url": "https://www.suse.com/security/cve/CVE-2011-0411/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-0418 page",
"url": "https://www.suse.com/security/cve/CVE-2011-0418/"
}
],
"title": "pure-ftpd-1.0.43-1.3 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10318-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pure-ftpd-1.0.43-1.3.aarch64",
"product": {
"name": "pure-ftpd-1.0.43-1.3.aarch64",
"product_id": "pure-ftpd-1.0.43-1.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pure-ftpd-1.0.43-1.3.ppc64le",
"product": {
"name": "pure-ftpd-1.0.43-1.3.ppc64le",
"product_id": "pure-ftpd-1.0.43-1.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pure-ftpd-1.0.43-1.3.s390x",
"product": {
"name": "pure-ftpd-1.0.43-1.3.s390x",
"product_id": "pure-ftpd-1.0.43-1.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pure-ftpd-1.0.43-1.3.x86_64",
"product": {
"name": "pure-ftpd-1.0.43-1.3.x86_64",
"product_id": "pure-ftpd-1.0.43-1.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pure-ftpd-1.0.43-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.aarch64"
},
"product_reference": "pure-ftpd-1.0.43-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pure-ftpd-1.0.43-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.ppc64le"
},
"product_reference": "pure-ftpd-1.0.43-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pure-ftpd-1.0.43-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.s390x"
},
"product_reference": "pure-ftpd-1.0.43-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pure-ftpd-1.0.43-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.x86_64"
},
"product_reference": "pure-ftpd-1.0.43-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-0411",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-0411"
}
],
"notes": [
{
"category": "general",
"text": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.aarch64",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.ppc64le",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.s390x",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-0411",
"url": "https://www.suse.com/security/cve/CVE-2011-0411"
},
{
"category": "external",
"summary": "SUSE Bug 677792 for CVE-2011-0411",
"url": "https://bugzilla.suse.com/677792"
},
{
"category": "external",
"summary": "SUSE Bug 686590 for CVE-2011-0411",
"url": "https://bugzilla.suse.com/686590"
},
{
"category": "external",
"summary": "SUSE Bug 689178 for CVE-2011-0411",
"url": "https://bugzilla.suse.com/689178"
},
{
"category": "external",
"summary": "SUSE Bug 776967 for CVE-2011-0411",
"url": "https://bugzilla.suse.com/776967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.aarch64",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.ppc64le",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.s390x",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-0411"
},
{
"cve": "CVE-2011-0418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-0418"
}
],
"notes": [
{
"category": "general",
"text": "The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.aarch64",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.ppc64le",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.s390x",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-0418",
"url": "https://www.suse.com/security/cve/CVE-2011-0418"
},
{
"category": "external",
"summary": "SUSE Bug 691365 for CVE-2011-0418",
"url": "https://bugzilla.suse.com/691365"
},
{
"category": "external",
"summary": "SUSE Bug 826666 for CVE-2011-0418",
"url": "https://bugzilla.suse.com/826666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.aarch64",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.ppc64le",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.s390x",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-0418"
}
]
}
CERTA-2011-AVI-146
Vulnerability from certfr_avis - Published: 2011-03-10 - Updated: 2011-03-10
Une vulnérabilité dans la gestion du protocole TLS permet à un attaquant d'insérer des commandes dans les communications SMTP d'une victime.
Description
Il est possible à un attaquant en position d'interception (man in the middle) d'insérer des commandes SMTP lorsqu'un client souhaite utiliser une connexion sécurisée au moyen de la commande STARTTLS, qui est un message transmis en clair. Ces commandes sont alors interprétées par le serveur dans le contexte d'une connexion sécurisée.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Postfix | Postfix | Postfix versions 2.5.x strictement inférieures à 2.5.12 ; | ||
| Postfix | Postfix | Postfix versions 2.6.x strictement inférieures à 2.6.9 ; | ||
| Postfix | Postfix | Postfix versions 2.7.x strictement inférieures à 2.7.3 ; | ||
| Postfix | Postfix | Postfix versions 2.4.x strictement inférieures à 2.4.16. |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Postfix versions 2.5.x strictement inf\u00e9rieures \u00e0 2.5.12 ;",
"product": {
"name": "Postfix",
"vendor": {
"name": "Postfix",
"scada": false
}
}
},
{
"description": "Postfix versions 2.6.x strictement inf\u00e9rieures \u00e0 2.6.9 ;",
"product": {
"name": "Postfix",
"vendor": {
"name": "Postfix",
"scada": false
}
}
},
{
"description": "Postfix versions 2.7.x strictement inf\u00e9rieures \u00e0 2.7.3 ;",
"product": {
"name": "Postfix",
"vendor": {
"name": "Postfix",
"scada": false
}
}
},
{
"description": "Postfix versions 2.4.x strictement inf\u00e9rieures \u00e0 2.4.16.",
"product": {
"name": "Postfix",
"vendor": {
"name": "Postfix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nIl est possible \u00e0 un attaquant en position d\u0027interception (man in the\nmiddle) d\u0027ins\u00e9rer des commandes SMTP lorsqu\u0027un client souhaite utiliser\nune connexion s\u00e9curis\u00e9e au moyen de la commande STARTTLS, qui est un\nmessage transmis en clair. Ces commandes sont alors interpr\u00e9t\u00e9es par le\nserveur dans le contexte d\u0027une connexion s\u00e9curis\u00e9e.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
}
],
"initial_release_date": "2011-03-10T00:00:00",
"last_revision_date": "2011-03-10T00:00:00",
"links": [
{
"title": "Description d\u00e9taill\u00e9e de la vuln\u00e9rabilit\u00e9 CVE-2011-0411 :",
"url": "http://www.postfix.org/CVE-2011-0411.html"
}
],
"reference": "CERTA-2011-AVI-146",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans la gestion du protocole TLS permet \u00e0 un attaquant\nd\u0027ins\u00e9rer des commandes dans les communications SMTP d\u0027une victime.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Postfix",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de mise \u00e0 jour Postfix du 7 mars 2011",
"url": "http://www.postfix.org/announcements/postfix-2.7.3.html"
}
]
}
CERTA-2011-AVI-564
Vulnerability from certfr_avis - Published: 2011-10-13 - Updated: 2011-10-13
Plusieurs vulnérabilités présentes dans Mac OS X ont été corrigées.
Description
De multiples vulnérabilités découvertes dans Mac OS X permettent à une personne malveillante d'exécuter du code arbitraire à distance avec potentiellement des privilèges élevés, de provoquer un déni de service, de contourner la politique de sécurité du système, de porter atteinte à la confidentialité et à l'intégrité des données ou encore de réaliser une injection de code indirecte.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mac OS X v10.6.8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Lion Server v10.7 et v10.7.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Server v10.7 et v10.7.1.",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Server v10.6.8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans Mac OS X permettent \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance avec\npotentiellement des privil\u00e8ges \u00e9lev\u00e9s, de provoquer un d\u00e9ni de service,\nde contourner la politique de s\u00e9curit\u00e9 du syst\u00e8me, de porter atteinte \u00e0\nla confidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es ou encore de r\u00e9aliser\nune injection de code indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-3216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3216"
},
{
"name": "CVE-2011-3436",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3436"
},
{
"name": "CVE-2010-1634",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1634"
},
{
"name": "CVE-2011-3214",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3214"
},
{
"name": "CVE-2011-0187",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0187"
},
{
"name": "CVE-2011-3192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
},
{
"name": "CVE-2011-3228",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3228"
},
{
"name": "CVE-2011-0421",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
},
{
"name": "CVE-2011-0259",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0259"
},
{
"name": "CVE-2011-3221",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3221"
},
{
"name": "CVE-2010-4172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4172"
},
{
"name": "CVE-2011-3217",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3217"
},
{
"name": "CVE-2011-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3219"
},
{
"name": "CVE-2011-0534",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0534"
},
{
"name": "CVE-2011-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0230"
},
{
"name": "CVE-2011-0229",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0229"
},
{
"name": "CVE-2011-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1471"
},
{
"name": "CVE-2011-3222",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3222"
},
{
"name": "CVE-2011-1466",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1466"
},
{
"name": "CVE-2011-0226",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0226"
},
{
"name": "CVE-2011-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0013"
},
{
"name": "CVE-2011-0231",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0231"
},
{
"name": "CVE-2011-3213",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3213"
},
{
"name": "CVE-2009-4022",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4022"
},
{
"name": "CVE-2011-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
},
{
"name": "CVE-2011-3218",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3218"
},
{
"name": "CVE-2011-2692",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2692"
},
{
"name": "CVE-2010-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4645"
},
{
"name": "CVE-2011-0249",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0249"
},
{
"name": "CVE-2011-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3212"
},
{
"name": "CVE-2011-0250",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0250"
},
{
"name": "CVE-2011-1092",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1092"
},
{
"name": "CVE-2011-3227",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3227"
},
{
"name": "CVE-2011-1469",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1469"
},
{
"name": "CVE-2010-2227",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2227"
},
{
"name": "CVE-2011-1910",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1910"
},
{
"name": "CVE-2011-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3220"
},
{
"name": "CVE-2011-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
},
{
"name": "CVE-2010-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3614"
},
{
"name": "CVE-2011-3224",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3224"
},
{
"name": "CVE-2011-3226",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3226"
},
{
"name": "CVE-2011-0260",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0260"
},
{
"name": "CVE-2011-2690",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2690"
},
{
"name": "CVE-2011-3215",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3215"
},
{
"name": "CVE-2010-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3613"
},
{
"name": "CVE-2011-1521",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1521"
},
{
"name": "CVE-2011-1467",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1467"
},
{
"name": "CVE-2011-1755",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1755"
},
{
"name": "CVE-2011-3246",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3246"
},
{
"name": "CVE-2011-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3435"
},
{
"name": "CVE-2011-2691",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2691"
},
{
"name": "CVE-2011-3437",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3437"
},
{
"name": "CVE-2011-0251",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0251"
},
{
"name": "CVE-2011-1470",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1470"
},
{
"name": "CVE-2011-3225",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3225"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2010-3718",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3718"
},
{
"name": "CVE-2011-2464",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2464"
},
{
"name": "CVE-2010-3436",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3436"
},
{
"name": "CVE-2010-0097",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0097"
},
{
"name": "CVE-2011-0707",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0707"
},
{
"name": "CVE-2011-0252",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0252"
},
{
"name": "CVE-2011-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0224"
},
{
"name": "CVE-2010-2089",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2089"
},
{
"name": "CVE-2011-0420",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0420"
},
{
"name": "CVE-2010-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1157"
},
{
"name": "CVE-2011-0419",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
},
{
"name": "CVE-2011-1468",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1468"
},
{
"name": "CVE-2011-3223",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3223"
},
{
"name": "CVE-2011-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0185"
}
],
"initial_release_date": "2011-10-13T00:00:00",
"last_revision_date": "2011-10-13T00:00:00",
"links": [
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-3436 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3436"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0708 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0708"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1467 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1467"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1910 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1910"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3217 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3217"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1153 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1153"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3220 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3220"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-3614 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3614"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0420 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0420"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0411 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0411"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0224 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0224"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-3613 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3613"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3225 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3225"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0249 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0249"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3227 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3227"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1521 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1521"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0185 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0185"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0252 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0252"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0226 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0226"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-4645 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-4645"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3213 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3213"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3221 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3221"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1471 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1471"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3435 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3435"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3218 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3218"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0013 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0013"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-1634 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-1634"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0250 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0250"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3224 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3224"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0259 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0259"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-2690 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2690"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3226 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3226"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3216 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3216"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3212 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3212"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-2089 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-2089"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-3718 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3718"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0260 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0260"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3214 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3214"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-1157 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-1157"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0707 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0707"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3223 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3223"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3246 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3246"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-2227 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-2227"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-4172 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-4172"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3436 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3436"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-2691 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2691"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3437 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3437"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2009-4022 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2009-4022"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0187 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0187"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3192 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3192"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1755 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1755"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-0097 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-0097"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0419 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0419"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1466 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1466"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0421 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0421"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0251 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0251"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3219 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3219"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0229 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0229"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3222 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3222"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0534 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0534"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3228 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3228"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3215 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3215"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1092 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1092"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0230 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0230"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1470 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1470"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0231 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0231"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-2692 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2692"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1468 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1468"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-2464 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2464"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1469 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1469"
}
],
"reference": "CERTA-2011-AVI-564",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Mac OS X ont \u00e9t\u00e9 corrig\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT5002 du 12 octobre 2011",
"url": "http://docs.info.apple.com/article.html?artnum=HT5002"
}
]
}
CERTA-2011-AVI-239
Vulnerability from certfr_avis - Published: 2011-04-20 - Updated: 2011-04-20
De multiples vulnérabilités présentes dans les produits Oracle Sun ont été corrigées.
Description
De multiples vulnérabilités présentes dans les produits Oracle Sun ont été corrigées. Les détails de ces vulnérabilités n'ont pas été divulgués mais l'une d'entre elles a un niveau de criticité maximal dans l'échelle de l'éditeur (10).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | N/A | Oracle iplanet Web Server (Sun Java System Web Server) versions 6.1, 7.0; | ||
| Oracle | N/A | Oracle Sun Glassfish Enterprise Server, Oracle Sun Java System Application Server versions 2.1, 2.11, 3.0.1, 9.1; | ||
| Oracle | N/A | Oracle Java Dynamic Management Kit version 5.1; | ||
| Oracle | N/A | Oracle Sun Solaris versions 8, 9, 10, 11 Express; | ||
| Oracle | N/A | Oracle Sun Java System Messaging Server versions 6.3, 7.0; | ||
| Oracle | N/A | Oracle Sun Java System Access Manager Policy Agent version 2.2; | ||
| Oracle | N/A | Oracle Open SSO Enterprise, Sun Java system Access Manager versions 7.1, 8.0. |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle iplanet Web Server (Sun Java System Web Server) versions 6.1, 7.0;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Sun Glassfish Enterprise Server, Oracle Sun Java System Application Server versions 2.1, 2.11, 3.0.1, 9.1;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java Dynamic Management Kit version 5.1;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Sun Solaris versions 8, 9, 10, 11 Express;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Sun Java System Messaging Server versions 6.3, 7.0;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Sun Java System Access Manager Policy Agent version 2.2;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Open SSO Enterprise, Sun Java system Access Manager versions 7.1, 8.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle Sun ont\n\u00e9t\u00e9 corrig\u00e9es. Les d\u00e9tails de ces vuln\u00e9rabilit\u00e9s n\u0027ont pas \u00e9t\u00e9 divulgu\u00e9s\nmais l\u0027une d\u0027entre elles a un niveau de criticit\u00e9 maximal dans l\u0027\u00e9chelle\nde l\u0027\u00e9diteur (10).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-4476",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
},
{
"name": "CVE-2011-0820",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0820"
},
{
"name": "CVE-2011-0790",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0790"
},
{
"name": "CVE-2011-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0839"
},
{
"name": "CVE-2011-0821",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0821"
},
{
"name": "CVE-2011-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0801"
},
{
"name": "CVE-2011-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0800"
},
{
"name": "CVE-2011-0813",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0813"
},
{
"name": "CVE-2011-0807",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0807"
},
{
"name": "CVE-2011-0829",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0829"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2011-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0841"
},
{
"name": "CVE-2011-0844",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0844"
},
{
"name": "CVE-2011-0849",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0849"
},
{
"name": "CVE-2011-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0847"
},
{
"name": "CVE-2011-0846",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0846"
},
{
"name": "CVE-2011-0812",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0812"
}
],
"initial_release_date": "2011-04-20T00:00:00",
"last_revision_date": "2011-04-20T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-239",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle Sun ont\n\u00e9t\u00e9 corrig\u00e9es.\n",
"title": "Multiples Vuln\u00e9rabilit\u00e9s dans les produits Oracle Sun",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle d\u0027avril 2011",
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2011-301950.html"
}
]
}
CERTA-2011-AVI-177
Vulnerability from certfr_avis - Published: 2011-03-30 - Updated: 2011-03-30
Une vulnérabilité dans Pure-FTPd permet à une personne malintentionnée de porter atteinte à l'intégrité des données.
Description
Une vulnérabilité dans la gestion des connexions sécurisées au moyen de la commande STARTTLS permet à une personne malintentionnée de porter atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Pure-FTPd versions antérieures à la 1.0.30
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003ePure-FTPd versions ant\u00e9rieures \u00e0 la 1.0.30\u003c/P\u003e",
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans la gestion des connexions s\u00e9curis\u00e9es au moyen de\nla commande STARTTLS permet \u00e0 une personne malintentionn\u00e9e de porter\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
}
],
"initial_release_date": "2011-03-30T00:00:00",
"last_revision_date": "2011-03-30T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-177",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-03-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans Pure-FTPd permet \u00e0 une personne malintentionn\u00e9e\nde porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Pure-FTPd",
"vendor_advisories": [
{
"published_at": null,
"title": "Note de nouvelle version Pure-FTPd 1.0.30",
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
}
]
}
CERTFR-2015-AVI-431
Vulnerability from certfr_avis - Published: 2015-10-15 - Updated: 2015-10-15
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QFabric 3100 Director versions 12.x",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ScreenOS",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CTPView 7.0R3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Juniper Junos OS",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-2905",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
},
{
"name": "CVE-2011-2483",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2483"
},
{
"name": "CVE-2013-1667",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1667"
},
{
"name": "CVE-2012-3417",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3417"
},
{
"name": "CVE-2014-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
},
{
"name": "CVE-2015-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
},
{
"name": "CVE-2014-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
},
{
"name": "CVE-2014-8867",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8867"
},
{
"name": "CVE-2015-1793",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1793"
},
{
"name": "CVE-2015-1791",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
},
{
"name": "CVE-2009-3490",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3490"
},
{
"name": "CVE-2012-0866",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0866"
},
{
"name": "CVE-2010-3433",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3433"
},
{
"name": "CVE-2012-5526",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5526"
},
{
"name": "CVE-2010-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1447"
},
{
"name": "CVE-2014-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
},
{
"name": "CVE-2009-0115",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
},
{
"name": "CVE-2007-6067",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6067"
},
{
"name": "CVE-2010-0826",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0826"
},
{
"name": "CVE-2014-8159",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8159"
},
{
"name": "CVE-2010-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
},
{
"name": "CVE-2013-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4242"
},
{
"name": "CVE-2015-1158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2010-4352",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4352"
},
{
"name": "CVE-2015-7749",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7749"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2010-1168",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1168"
},
{
"name": "CVE-2009-1189",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
},
{
"name": "CVE-2014-6450",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6450"
},
{
"name": "CVE-2015-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
},
{
"name": "CVE-2008-2937",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2937"
},
{
"name": "CVE-2012-2697",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2697"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2011-1081",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1081"
},
{
"name": "CVE-2009-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
},
{
"name": "CVE-2012-3488",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3488"
},
{
"name": "CVE-2015-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5361"
},
{
"name": "CVE-2013-6435",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6435"
},
{
"name": "CVE-2010-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
},
{
"name": "CVE-2012-5195",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
},
{
"name": "CVE-2015-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
},
{
"name": "CVE-2014-6449",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6449"
},
{
"name": "CVE-2015-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
},
{
"name": "CVE-2014-6451",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6451"
},
{
"name": "CVE-2012-6329",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6329"
},
{
"name": "CVE-2014-4345",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4345"
},
{
"name": "CVE-2008-5302",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
},
{
"name": "CVE-2013-6629",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6629"
},
{
"name": "CVE-2014-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2285"
},
{
"name": "CVE-2013-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4449"
},
{
"name": "CVE-2012-0868",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0868"
},
{
"name": "CVE-2007-4476",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4476"
},
{
"name": "CVE-2010-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2015-7752",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7752"
},
{
"name": "CVE-2010-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
},
{
"name": "CVE-2014-0064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
},
{
"name": "CVE-2014-0065",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
},
{
"name": "CVE-2007-4772",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4772"
},
{
"name": "CVE-2013-0292",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0292"
},
{
"name": "CVE-2012-6151",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
},
{
"name": "CVE-2008-5303",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
},
{
"name": "CVE-2015-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
},
{
"name": "CVE-2011-2200",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2200"
},
{
"name": "CVE-2015-7748",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7748"
},
{
"name": "CVE-2015-7750",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7750"
},
{
"name": "CVE-2015-7751",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7751"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2008-3834",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3834"
},
{
"name": "CVE-2010-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0624"
},
{
"name": "CVE-2014-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
},
{
"name": "CVE-2011-1025",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1025"
},
{
"name": "CVE-2014-6448",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6448"
},
{
"name": "CVE-2011-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
},
{
"name": "CVE-2010-0212",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
},
{
"name": "CVE-2009-1185",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1185"
},
{
"name": "CVE-2009-4901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
},
{
"name": "CVE-2010-1172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1172"
},
{
"name": "CVE-2010-4530",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4530"
},
{
"name": "CVE-2011-1024",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1024"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2014-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
},
{
"name": "CVE-1999-0524",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0524"
},
{
"name": "CVE-2010-4015",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4015"
},
{
"name": "CVE-2011-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0002"
},
{
"name": "CVE-2009-1574",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
},
{
"name": "CVE-2009-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3736"
},
{
"name": "CVE-2015-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
},
{
"name": "CVE-2012-2143",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2143"
},
{
"name": "CVE-2014-0066",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
},
{
"name": "CVE-2010-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
}
],
"initial_release_date": "2015-10-15T00:00:00",
"last_revision_date": "2015-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-431",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10694 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10700 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10700\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10703 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10703\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10708 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10708\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10705 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10706 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10706\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10695 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10699 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10699\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10697 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10697\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10707 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10707\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10702 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10704 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10704\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10696 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10696\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10701 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10701\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2022-AVI-267
Vulnerability from certfr_avis - Published: 2022-03-23 - Updated: 2022-03-23
De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Juniper Networks | Junos Space | Juniper Networks Junos Space versions antérieures à 21.1R1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
},
{
"name": "CVE-2017-13082",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
},
{
"name": "CVE-2017-13088",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
},
{
"name": "CVE-2017-13086",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
},
{
"name": "CVE-2017-13087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2007-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
},
{
"name": "CVE-2007-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
},
{
"name": "CVE-2007-6284",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
},
{
"name": "CVE-2008-2935",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
},
{
"name": "CVE-2008-3281",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
},
{
"name": "CVE-2008-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
},
{
"name": "CVE-2008-4226",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
},
{
"name": "CVE-2008-4225",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2011-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
},
{
"name": "CVE-2013-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2013-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
},
{
"name": "CVE-2014-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2015-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
},
{
"name": "CVE-2015-1804",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
},
{
"name": "CVE-2015-1802",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2014-8991",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
},
{
"name": "CVE-2014-7185",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
},
{
"name": "CVE-2014-9365",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
},
{
"name": "CVE-2015-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
},
{
"name": "CVE-2015-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2015-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2016-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-7773",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
},
{
"name": "CVE-2017-7772",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
},
{
"name": "CVE-2017-7778",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
},
{
"name": "CVE-2017-7771",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
},
{
"name": "CVE-2017-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
},
{
"name": "CVE-2017-7776",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
},
{
"name": "CVE-2017-7777",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
},
{
"name": "CVE-2017-7775",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
},
{
"name": "CVE-2017-6463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
},
{
"name": "CVE-2017-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
},
{
"name": "CVE-2017-6464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
},
{
"name": "CVE-2017-14492",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
},
{
"name": "CVE-2017-14496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2017-14493",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
},
{
"name": "CVE-2017-14494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
},
{
"name": "CVE-2017-14495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
},
{
"name": "CVE-2017-5130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
},
{
"name": "CVE-2017-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2017-17807",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-6914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
},
{
"name": "CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"name": "CVE-2018-8778",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
},
{
"name": "CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"name": "CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"name": "CVE-2017-17742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
},
{
"name": "CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"name": "CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"name": "CVE-2018-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
},
{
"name": "CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"name": "CVE-2018-8777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
},
{
"name": "CVE-2018-16395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2018-16396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2018-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
},
{
"name": "CVE-2017-18267",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
},
{
"name": "CVE-2018-13988",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-6133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
},
{
"name": "CVE-2018-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2019-10132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
},
{
"name": "CVE-2019-11190",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
},
{
"name": "CVE-2019-11884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
},
{
"name": "CVE-2019-11487",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
},
{
"name": "CVE-2019-12382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
},
{
"name": "CVE-2018-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
},
{
"name": "CVE-2019-5953",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
},
{
"name": "CVE-2019-12614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2018-1060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
},
{
"name": "CVE-2018-12327",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
},
{
"name": "CVE-2018-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
},
{
"name": "CVE-2019-10639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
},
{
"name": "CVE-2019-10638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-14283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
},
{
"name": "CVE-2019-13648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
},
{
"name": "CVE-2019-10207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
},
{
"name": "CVE-2015-9289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
},
{
"name": "CVE-2019-14816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
},
{
"name": "CVE-2019-15239",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
},
{
"name": "CVE-2019-15917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
},
{
"name": "CVE-2017-18551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
},
{
"name": "CVE-2019-15217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
},
{
"name": "CVE-2019-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2018-18066",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-17666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
},
{
"name": "CVE-2019-17133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2019-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
},
{
"name": "CVE-2019-17055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
},
{
"name": "CVE-2019-17053",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2019-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
},
{
"name": "CVE-2019-16233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
},
{
"name": "CVE-2019-15807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
},
{
"name": "CVE-2019-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-19058",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-19046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
},
{
"name": "CVE-2019-15916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
},
{
"name": "CVE-2019-18660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
},
{
"name": "CVE-2019-19063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
},
{
"name": "CVE-2019-19062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
},
{
"name": "CVE-2018-14526",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
},
{
"name": "CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
},
{
"name": "CVE-2019-19530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
},
{
"name": "CVE-2019-19534",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
},
{
"name": "CVE-2019-19524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
},
{
"name": "CVE-2019-19055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-18634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
},
{
"name": "CVE-2019-14898",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-19059",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
},
{
"name": "CVE-2019-3901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
},
{
"name": "CVE-2020-11565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
},
{
"name": "CVE-2020-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
},
{
"name": "CVE-2020-10751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
},
{
"name": "CVE-2020-12826",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
},
{
"name": "CVE-2020-12654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2019-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12653",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2018-19519",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
},
{
"name": "CVE-2020-10713",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
},
{
"name": "CVE-2020-14311",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
},
{
"name": "CVE-2020-14309",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
},
{
"name": "CVE-2020-15706",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
},
{
"name": "CVE-2020-14308",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
},
{
"name": "CVE-2020-14310",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
},
{
"name": "CVE-2020-15705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
},
{
"name": "CVE-2020-15707",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2020-14364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2020-10742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2018-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
},
{
"name": "CVE-2018-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
},
{
"name": "CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
},
{
"name": "CVE-2020-11868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2020-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2019-12450",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
},
{
"name": "CVE-2020-12825",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
},
{
"name": "CVE-2020-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
},
{
"name": "CVE-2019-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
},
{
"name": "CVE-2020-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2020-10754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2019-14822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2018-18751",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
},
{
"name": "CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2017-13722",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
},
{
"name": "CVE-2014-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
},
{
"name": "CVE-2018-16403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
},
{
"name": "CVE-2018-15746",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2019-7638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
},
{
"name": "CVE-2015-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
},
{
"name": "CVE-2019-10155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2018-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
},
{
"name": "CVE-2018-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
},
{
"name": "CVE-2020-12662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
},
{
"name": "CVE-2012-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
},
{
"name": "CVE-2017-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
},
{
"name": "CVE-2018-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
},
{
"name": "CVE-2017-0899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
},
{
"name": "CVE-2010-2239",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
},
{
"name": "CVE-2010-2242",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
},
{
"name": "CVE-2017-14167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
},
{
"name": "CVE-2015-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
},
{
"name": "CVE-2019-11324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
},
{
"name": "CVE-2013-6458",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2018-15857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
},
{
"name": "CVE-2018-16062",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
},
{
"name": "CVE-2018-10534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
},
{
"name": "CVE-2014-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2013-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
},
{
"name": "CVE-2016-6580",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
},
{
"name": "CVE-2018-12697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
},
{
"name": "CVE-2018-1000301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
},
{
"name": "CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"name": "CVE-2019-12155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
},
{
"name": "CVE-2017-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
},
{
"name": "CVE-2014-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
},
{
"name": "CVE-2017-1000050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
},
{
"name": "CVE-2018-10535",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
},
{
"name": "CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"name": "CVE-2018-16402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
},
{
"name": "CVE-2018-1116",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
},
{
"name": "CVE-2018-15853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
},
{
"name": "CVE-2019-14378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
},
{
"name": "CVE-2016-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
},
{
"name": "CVE-2019-12312",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
},
{
"name": "CVE-2013-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2016-6581",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
},
{
"name": "CVE-2013-4520",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
},
{
"name": "CVE-2014-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
},
{
"name": "CVE-2014-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
},
{
"name": "CVE-2015-9381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
},
{
"name": "CVE-2016-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
},
{
"name": "CVE-2018-14598",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
},
{
"name": "CVE-2014-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2012-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
},
{
"name": "CVE-2018-7208",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
},
{
"name": "CVE-2018-12910",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2015-7497",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
},
{
"name": "CVE-2019-7665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
},
{
"name": "CVE-2018-15854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
},
{
"name": "CVE-2019-13404",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
},
{
"name": "CVE-2015-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
},
{
"name": "CVE-2018-10767",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
},
{
"name": "CVE-2018-7550",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
},
{
"name": "CVE-2016-3076",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2018-18521",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
},
{
"name": "CVE-2018-19788",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2019-3840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
},
{
"name": "CVE-2016-9189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2018-14647",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
},
{
"name": "CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"name": "CVE-2019-14906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2019-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
},
{
"name": "CVE-2019-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
},
{
"name": "CVE-2019-14834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
},
{
"name": "CVE-2018-15855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
},
{
"name": "CVE-2019-7149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
},
{
"name": "CVE-2018-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
},
{
"name": "CVE-2019-5010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
},
{
"name": "CVE-2018-12641",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
},
{
"name": "CVE-2021-3396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2017-15268",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
},
{
"name": "CVE-2018-15587",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
},
{
"name": "CVE-2016-10746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
},
{
"name": "CVE-2017-13711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
},
{
"name": "CVE-2014-8131",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
},
{
"name": "CVE-2014-9601",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
},
{
"name": "CVE-2014-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
},
{
"name": "CVE-2018-10373",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
},
{
"name": "CVE-2017-17790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
},
{
"name": "CVE-2011-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
},
{
"name": "CVE-2018-1000802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
},
{
"name": "CVE-2017-7555",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
},
{
"name": "CVE-2016-9015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
},
{
"name": "CVE-2017-13720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
},
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2017-11671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
},
{
"name": "CVE-2017-10664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
},
{
"name": "CVE-2018-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
},
{
"name": "CVE-2013-6457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
},
{
"name": "CVE-2019-10138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
},
{
"name": "CVE-2019-7578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
},
{
"name": "CVE-2020-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
},
{
"name": "CVE-2017-11368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
},
{
"name": "CVE-2018-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
},
{
"name": "CVE-2019-20485",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
},
{
"name": "CVE-2003-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
},
{
"name": "CVE-2017-15289",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
},
{
"name": "CVE-2016-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
},
{
"name": "CVE-2017-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
},
{
"name": "CVE-2018-15864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
},
{
"name": "CVE-2017-18207",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
},
{
"name": "CVE-2019-12761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
},
{
"name": "CVE-2013-5651",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
},
{
"name": "CVE-2017-17522",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
},
{
"name": "CVE-2019-20382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
},
{
"name": "CVE-2016-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
},
{
"name": "CVE-2019-14287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
},
{
"name": "CVE-2018-18520",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2019-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
},
{
"name": "CVE-2015-5652",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
},
{
"name": "CVE-2019-7572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2018-10906",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
},
{
"name": "CVE-2018-15863",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
},
{
"name": "CVE-2018-15862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2019-7664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
},
{
"name": "CVE-2017-5992",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
},
{
"name": "CVE-2019-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2018-1000030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2017-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
},
{
"name": "CVE-2018-7568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
},
{
"name": "CVE-2016-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2018-14599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
},
{
"name": "CVE-2018-10733",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
},
{
"name": "CVE-2016-9396",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
},
{
"name": "CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"name": "CVE-2017-7562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
},
{
"name": "CVE-2016-1000032",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
},
{
"name": "CVE-2017-15124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
},
{
"name": "CVE-2018-1113",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
},
{
"name": "CVE-2013-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
},
{
"name": "CVE-2019-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
},
{
"name": "CVE-2014-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
},
{
"name": "CVE-2018-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
},
{
"name": "CVE-2017-0903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
},
{
"name": "CVE-2018-15856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2019-7573",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2010-2237",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
},
{
"name": "CVE-2018-1000876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
},
{
"name": "CVE-2018-14348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
},
{
"name": "CVE-2019-3890",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
},
{
"name": "CVE-2015-7498",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
},
{
"name": "CVE-2019-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
},
{
"name": "CVE-2016-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
},
{
"name": "CVE-2018-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
},
{
"name": "CVE-2013-4297",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
},
{
"name": "CVE-2010-2238",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
},
{
"name": "CVE-2018-14600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
},
{
"name": "CVE-2017-13090",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
},
{
"name": "CVE-2013-7336",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
},
{
"name": "CVE-2018-10372",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
},
{
"name": "CVE-2019-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
},
{
"name": "CVE-2018-11806",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
},
{
"name": "CVE-2018-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
},
{
"name": "CVE-2015-0236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
},
{
"name": "CVE-2018-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
},
{
"name": "CVE-2014-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
},
{
"name": "CVE-2013-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
},
{
"name": "CVE-2018-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
},
{
"name": "CVE-2014-3960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
},
{
"name": "CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"name": "CVE-2020-12663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
},
{
"name": "CVE-2018-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
},
{
"name": "CVE-2017-16611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
},
{
"name": "CVE-2014-7823",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
},
{
"name": "CVE-2020-10703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
},
{
"name": "CVE-2018-7569",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
},
{
"name": "CVE-2013-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2015-9382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
},
{
"name": "CVE-2017-18190",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
},
{
"name": "CVE-2016-4009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
},
{
"name": "CVE-2018-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
},
{
"name": "CVE-2016-9190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
},
{
"name": "CVE-2019-7574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
},
{
"name": "CVE-2016-0772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
},
{
"name": "CVE-2016-5699",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
},
{
"name": "CVE-2011-1486",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
},
{
"name": "CVE-2020-5208",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
},
{
"name": "CVE-2019-6778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
},
{
"name": "CVE-2020-10772",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
},
{
"name": "CVE-2020-25637",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
},
{
"name": "CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"name": "CVE-2018-15859",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
},
{
"name": "CVE-2017-13089",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
},
{
"name": "CVE-2019-12779",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2019-6690",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
},
{
"name": "CVE-2015-8317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
},
{
"name": "CVE-2018-4181",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2016-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
},
{
"name": "CVE-2018-14498",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
},
{
"name": "CVE-2018-15861",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
},
{
"name": "CVE-2019-7150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
},
{
"name": "CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"name": "CVE-2016-5008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
},
{
"name": "CVE-2014-4616",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
}
],
"initial_release_date": "2022-03-23T00:00:00",
"last_revision_date": "2022-03-23T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-267",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
GHSA-2GF2-4WWM-4CM6
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
{
"affected": [],
"aliases": [
"CVE-2011-0411"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-03-16T22:55:00Z",
"severity": "MODERATE"
},
"details": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.",
"id": "GHSA-2gf2-4wwm-4cm6",
"modified": "2022-05-13T01:07:08Z",
"published": "2022-05-13T01:07:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0411"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"type": "WEB",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43646"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43874"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1025179"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5002"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/71021"
},
{
"type": "WEB",
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0891"
}
],
"schema_version": "1.4.0",
"severity": []
}
VAR-201103-0114
Vulnerability from variot - Updated: 2026-04-10 23:24
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords. The following vendors are affected: Ipswitch, Kerio, Postfix, Qmail-TLS, Oracle (note that the affected application is unknown), SCO Group, spamdyke, ISC. Postfix is a mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/O buffering.
==========================================================================
Ubuntu Security Notice USN-1113-1 April 18, 2011
postfix vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Summary:
An attacker could send crafted input to Postfix and cause it to reveal confidential information. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)
Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. (CVE-2011-0411)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10: postfix 2.7.1-1ubuntu0.1
Ubuntu 10.04 LTS: postfix 2.7.0-1ubuntu0.1
Ubuntu 9.10: postfix 2.6.5-3ubuntu0.1
Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.3
Ubuntu 6.06 LTS: postfix 2.2.10-1ubuntu0.3
In general, a standard system update will make all the necessary changes.
References: CVE-2009-2939, CVE-2011-0411
Package Information: https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3 https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3
.
CVE-2011-4130 ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-33
http://security.gentoo.org/
Severity: High
Title: Postfix: Multiple vulnerabilities
Date: June 25, 2012
Bugs: #358085, #366605
ID: 201206-33
Synopsis
A vulnerability has been found in Postfix, the worst of which possibly allowing remote code execution.
Background
Postfix is Wietse Venema’s mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 mail-mta/postfix < 2.7.4 >= 2.7.4
Description
Multiple vulnerabilities have been discovered in Postfix. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Postfix users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.7.4"
References
[ 1 ] CVE-2011-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411
[ 2 ] CVE-2011-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-33.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
This is a writeup about a flaw that I found recently, and that existed in multiple implementations of SMTP (Simple Mail Transfer Protocol) over TLS (Transport Layer Security) including my Postfix open source mailserver. I give an overview of the problem and its impact, how to find out if a server is affected, fixes, and draw lessons about where we can expect similar problems. A time line is at the end.
For further reading: http://www.kb.cert.org/vuls/id/555316 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411 http://www.postfix.org/CVE-2011-0411.html (extended writeup)
Wietse
Problem overview and impact
The TLS protocol encrypts communication and protects it against modification by other parties. This protection exists only if a) software is free of flaws, and b) clients verify the server's TLS certificate, so that there can be no "man in the middle" (servers usually don't verify client certificates).
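The problem discussed in this writeup is caused by a software flaw. The flaw lets a man-in-the-middle insert commands while the SMTP session is still in plaintext; the server then processes those commands after TLS is in place, as if they had arrived over the protected channel.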
The injected commands could be used to steal the victim's email or SASL (Simple Authentication and Security Layer) username and password.
This is not as big a problem as it may appear to be. The reason is that many SMTP client applications don't verify server TLS certificates. These SMTP clients are always vulnerable to command injection and other attacks. Their TLS sessions are only encrypted but not protected.
A similar plaintext injection flaw may exist in the way SMTP clients handle SMTP-over-TLS server responses, but its impact is less interesting than the server-side flaw.
SMTP is not the only protocol with a mid-session switch from plaintext to TLS. Other examples are POP3, IMAP, NNTP and FTP. Implementations of these protocols may be affected by the same flaw as discussed here.
Demonstration
The problem is easy to demonstrate with a one-line change to the OpenSSL s_client command source code (I would prefer scripting, but having to install Perl CPAN modules and all their dependencies is more work than downloading a .tar.gz file from openssl.org, adding eight characters to one line, and doing "./config; make").
The OpenSSL s_client command can make a connection to servers that support straight TLS, SMTP over TLS, or a handful of other protocols over TLS. The demonstration with SMTP over TLS involves a one-line change in the OpenSSL s_client source code (with OpenSSL 1.0.0, at line 1129 of file apps/s_client.c).
Old: BIO_printf(sbio,"STARTTLS\r\n");
New: BIO_printf(sbio,"STARTTLS\r\nRSET\r\n");
With this change, the s_client command sends the plaintext STARTTLS command ("let's turn on TLS") immediately followed by an RSET command (a relatively harmless protocol "reset"). Both commands are sent as plaintext in the same TCP/IP packet, and arrive together at the server. The "\r\n" are the carriage-return and newline characters; these are necessary to terminate an SMTP command.
When an SMTP server has the plaintext injection flaw, it reads the STARTTLS command first, switches to SMTP-over-TLS mode, and only then the server reads the RSET command. Note, the RSET command was transmitted during the plaintext SMTP phase when there is no protection, but the server reads the command as if it was received over the TLS-protected channel.
Thus, when the SMTP server has the flaw, the s_client command output will show two "250" SMTP server responses instead of one. The first "250" response is normal, and is present even when the server is not flawed. The second "250" response is for the RSET command, and indicates that the SMTP server has the plaintext injection flaw.
$ apps/openssl s_client -quiet -starttls smtp -connect server:port
[some server TLS certificate details omitted]
250 some text here <=== Normal response, also with "good" server.
250 more text here <=== RSET response, only with flawed server.
Anatomy of the flaw: it's all about the plumbing
Whether a program may have the plaintext injection flaw depends on how it adjusts the plumbing, as it inserts the TLS protocol layer in-between the SMTP protocol layer and the O/S TCP/IP protocol layer. I illustrate this with examples from three open source MTAs: Postfix, Sendmail and Exim. The diagram below is best viewed with a fixed-width font, for example, from the Courier family.
Postfix MTA        Sendmail MTA        Exim MTA
before/after       before/after        before/after
switch to TLS      switch to TLS       switch to TLS
SMTP    SMTP       SMTP    SMTP        SMTP    SMTP    <= SMTP layer
 ||      ||         ||      ||          ||      ||
stream  stream     stream  stream'      ||      ||
buffers buffers    buffers buffers'    rw      r'w'    <= stream layer
rw      r'w'       rw      r'w'         ||      ||
 ||      ||         ||      ||          ||      ||
 ||     TLS         ||     TLS          ||     TLS     <= TLS layer
 ||      ||         ||      ||          ||      ||
O/S     O/S        O/S     O/S         O/S     O/S     <= TCP/IP layer
As shown in the diagram, both Postfix and Sendmail use an application- level stream abstraction, where each stream has properties such as read/write buffers, read/write functions (indicated with rw), and other properties that are omitted for brevity.
When Postfix switches to SMTP over TLS, it replaces the plaintext read/write functions (rw) with the TLS read/write functions (r'w'). Postfix does not modify any of the other stream properties including the read/write buffers. A patch for qmail that introduces TLS support uses the same approach. This approach of replacing only the stream read/write functions, but not the buffers or other stream properties, can introduce the plaintext injection flaw.
When Sendmail switches to SMTP over TLS, it replaces the entire stream, along with its read/write buffers and read/write functions. Exim, on the other hand, does not seem to have a stream abstraction like Postfix, Sendmail or qmail. Instead of replacing streams or stream properties, Exim replaces plaintext read/write functions with TLS read/write functions. Because of their program structure, Sendmail and Exim didn't suffer from the plaintext injection flaw.
Fixing the problem
There are two solutions to address the flaw, and both solutions can be used together.
- Report an error when unexpected plaintext is received after the STARTTLS command. As documented in RFC 3207, STARTTLS must be the last command in a pipelined group. If plaintext commands are received after STARTTLS, then that is a protocol violation.
This measure can also be implemented outside the MTA, for example in a protocol-aware firewall.
- If a program uses the same input buffer before and after the switch to TLS, it should discard the contents of the input buffer, just like it discards SMTP protocol information that it received during the plaintext protocol phase.
Conclusion
This plaintext injection problem is likely to recur when some development moves the plaintext-to-ciphertext switch outside the application: for example, into the kernel, into the local hardware, into a proxy, or into other infrastructure. This encourages applications to use the same application-level streams and buffers and read/write functions before and after the switch to ciphertext. When this migration happens, plaintext injection becomes once more a possibility.
Time line
Jan 5 2011: While finishing Postfix for its annual release, I found and fixed this flaw in the SMTP server and client implementations, where it had been sitting ever since TLS support was adopted.
Jan 6-10 2011: As we investigated the scope of the problem, Victor Duchovni (co-developer) discovered that other implementations were also affected including security providers and security appliances.
Jan 11 2011: Contact CERT/CC to help coordinate with the problem's resolution.
Mar 7 2011: Public announcement, and Postfix legacy release updates.
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411 http://www.postfix.org/CVE-2011-0411.html http://www.kb.cert.org/vuls/id/555316 http://www.securityfocus.com/archive/1/516901/30/0/threaded
Updated Packages:
Mandriva Linux 2009.0: eb607fe6834ded296aec54851a3bd56c 2009.0/i586/libpostfix1-2.5.5-4.2mdv2009.0.i586.rpm 76a18eb7f7627ba5489137eb592d0c8b 2009.0/i586/postfix-2.5.5-4.2mdv2009.0.i586.rpm 61c70b9d189f68276601d724e8444d9f 2009.0/i586/postfix-ldap-2.5.5-4.2mdv2009.0.i586.rpm 24255918008338487798ea647860484e 2009.0/i586/postfix-mysql-2.5.5-4.2mdv2009.0.i586.rpm e4d4db07cb302b3072f78097f84e1b87 2009.0/i586/postfix-pcre-2.5.5-4.2mdv2009.0.i586.rpm ebd9879c9c773c3d57375809c696f517 2009.0/i586/postfix-pgsql-2.5.5-4.2mdv2009.0.i586.rpm b27d3f6b20b11f71fd54d0f50a8a4b47 2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 73053818f39aba0ee0bece7ab997b07c 2009.0/x86_64/lib64postfix1-2.5.5-4.2mdv2009.0.x86_64.rpm c0e3c04bfd70acc0ee09e7413b3a3400 2009.0/x86_64/postfix-2.5.5-4.2mdv2009.0.x86_64.rpm 435fe07232bf307882a1589bc1ccca22 2009.0/x86_64/postfix-ldap-2.5.5-4.2mdv2009.0.x86_64.rpm 4d1d018487d1c3328cd425d220136a6f 2009.0/x86_64/postfix-mysql-2.5.5-4.2mdv2009.0.x86_64.rpm e7bd9b102319bc1ed4cdda27edaf26e2 2009.0/x86_64/postfix-pcre-2.5.5-4.2mdv2009.0.x86_64.rpm 7051b04bff45730a0268c5b311361111 2009.0/x86_64/postfix-pgsql-2.5.5-4.2mdv2009.0.x86_64.rpm b27d3f6b20b11f71fd54d0f50a8a4b47 2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm
Mandriva Linux 2010.0: f83a569908244de2e04f13c5e9cbc29a 2010.0/i586/libpostfix1-2.6.5-2.1mdv2010.0.i586.rpm b28f60198223458fe7a8b9c92d9901c1 2010.0/i586/postfix-2.6.5-2.1mdv2010.0.i586.rpm 1572c433ec62d49970a250050da98ed7 2010.0/i586/postfix-ldap-2.6.5-2.1mdv2010.0.i586.rpm 2aeb9f3d82b97e4314b3f8d6500a244a 2010.0/i586/postfix-mysql-2.6.5-2.1mdv2010.0.i586.rpm 2d93c886dda73832ee8b96961e0cc316 2010.0/i586/postfix-pcre-2.6.5-2.1mdv2010.0.i586.rpm 544853ecd21ca236324418232b59d206 2010.0/i586/postfix-pgsql-2.6.5-2.1mdv2010.0.i586.rpm e3748479ec6c93be12808e26e6b0fa55 2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 0282b58fb34ab310a8e66cda1792da37 2010.0/x86_64/lib64postfix1-2.6.5-2.1mdv2010.0.x86_64.rpm 644f3b20cfed1b5e57ef53a7ef94898a 2010.0/x86_64/postfix-2.6.5-2.1mdv2010.0.x86_64.rpm 16b27a49a3dcae6fa520c3cb24b2f69b 2010.0/x86_64/postfix-ldap-2.6.5-2.1mdv2010.0.x86_64.rpm 9e60217b6e8adc9a0e286df835f9d695 2010.0/x86_64/postfix-mysql-2.6.5-2.1mdv2010.0.x86_64.rpm 8594b10f400395fff17ffda26e9e3b3d 2010.0/x86_64/postfix-pcre-2.6.5-2.1mdv2010.0.x86_64.rpm e63fb8c5794ce971488898af1d537f36 2010.0/x86_64/postfix-pgsql-2.6.5-2.1mdv2010.0.x86_64.rpm e3748479ec6c93be12808e26e6b0fa55 2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm
Mandriva Linux 2010.1: 19ee5b6c6a18c73ccf1d74e20f89759d 2010.1/i586/libpostfix1-2.7.0-4.1mdv2010.2.i586.rpm 7a468df2b451f6972c38faf1f60ad8af 2010.1/i586/postfix-2.7.0-4.1mdv2010.2.i586.rpm a814f84c61afd93f3416c69d993afd7a 2010.1/i586/postfix-cdb-2.7.0-4.1mdv2010.2.i586.rpm f6f7f9492ab304d28f8aa4bfc653ca1e 2010.1/i586/postfix-ldap-2.7.0-4.1mdv2010.2.i586.rpm 8013bafd20881dd85b3be95529be848d 2010.1/i586/postfix-mysql-2.7.0-4.1mdv2010.2.i586.rpm 145c8551dc1c51b071d1f3f992f8e638 2010.1/i586/postfix-pcre-2.7.0-4.1mdv2010.2.i586.rpm 8f0d058eda66267085cbe5a7f5133b60 2010.1/i586/postfix-pgsql-2.7.0-4.1mdv2010.2.i586.rpm c90d8220b74b39ce44a4b9dfe8876783 2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64: 0a9207a9e00cce2e656ff248513d5bc3 2010.1/x86_64/lib64postfix1-2.7.0-4.1mdv2010.2.x86_64.rpm 3e2cc9ea2bf3d6979d5c6a5b3ec9b54a 2010.1/x86_64/postfix-2.7.0-4.1mdv2010.2.x86_64.rpm c8c5efad63b597b3d3a0aec3c5027ffa 2010.1/x86_64/postfix-cdb-2.7.0-4.1mdv2010.2.x86_64.rpm 71d9a4095514c72494c4f02d2696b619 2010.1/x86_64/postfix-ldap-2.7.0-4.1mdv2010.2.x86_64.rpm 8865fea8796435b2d715bf0d89c4530f 2010.1/x86_64/postfix-mysql-2.7.0-4.1mdv2010.2.x86_64.rpm 784960a49889f3fce8a308842321d8e8 2010.1/x86_64/postfix-pcre-2.7.0-4.1mdv2010.2.x86_64.rpm dc50ccda7bfb1a1f7f673bc251f14683 2010.1/x86_64/postfix-pgsql-2.7.0-4.1mdv2010.2.x86_64.rpm c90d8220b74b39ce44a4b9dfe8876783 2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm
Corporate 4.0: 6b7d62433679d20ae3b5cdf2668019e7 corporate/4.0/i586/libpostfix1-2.3.5-0.4.20060mlcs4.i586.rpm c5d4cbc67d00e0ea8b32c6598d6d65f0 corporate/4.0/i586/postfix-2.3.5-0.4.20060mlcs4.i586.rpm 287daadea040f15c1e25a6de77a438b2 corporate/4.0/i586/postfix-ldap-2.3.5-0.4.20060mlcs4.i586.rpm aac87a567ae68c48d4e8226429b35697 corporate/4.0/i586/postfix-mysql-2.3.5-0.4.20060mlcs4.i586.rpm c331a8061b0c5a6639c633d608e37871 corporate/4.0/i586/postfix-pcre-2.3.5-0.4.20060mlcs4.i586.rpm 25ce650233120a54e830c120f773f715 corporate/4.0/i586/postfix-pgsql-2.3.5-0.4.20060mlcs4.i586.rpm f2f060fddbb666572eca06ae47e36a3a corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 45b683c80b3006c3df5144bfe0fede86 corporate/4.0/x86_64/lib64postfix1-2.3.5-0.4.20060mlcs4.x86_64.rpm fc82cfcdbf89c059b6850edfa049128f corporate/4.0/x86_64/postfix-2.3.5-0.4.20060mlcs4.x86_64.rpm 7057754d88c8146d235d3ab96fd64d2f corporate/4.0/x86_64/postfix-ldap-2.3.5-0.4.20060mlcs4.x86_64.rpm 872c28155eb6276ba0fd1001387ffac7 corporate/4.0/x86_64/postfix-mysql-2.3.5-0.4.20060mlcs4.x86_64.rpm 644747748d18077fc63aa740c2947768 corporate/4.0/x86_64/postfix-pcre-2.3.5-0.4.20060mlcs4.x86_64.rpm 19b2a209beade7e6e25de6d0f3cb4b6d corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.4.20060mlcs4.x86_64.rpm f2f060fddbb666572eca06ae47e36a3a corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm
Mandriva Enterprise Server 5: 9c50578bd954be2ea42e6f3f3131cc9c mes5/i586/libpostfix1-2.5.5-4.2mdvmes5.2.i586.rpm bca22f9be6e6bef4e02f2ffb4623d2e3 mes5/i586/postfix-2.5.5-4.2mdvmes5.2.i586.rpm 45cfa7336d29cddca1ac07270d2b8287 mes5/i586/postfix-ldap-2.5.5-4.2mdvmes5.2.i586.rpm 87d4b942fefedc239a213b3ce5715cf0 mes5/i586/postfix-mysql-2.5.5-4.2mdvmes5.2.i586.rpm b3caf9572b69e757b9697139bb0ed5d8 mes5/i586/postfix-pcre-2.5.5-4.2mdvmes5.2.i586.rpm bde845f9957e2ead0e398c5bebef6f79 mes5/i586/postfix-pgsql-2.5.5-4.2mdvmes5.2.i586.rpm 8ad3739bcdf5297b2dddfb4e289049d9 mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: d920df80c9fdbcb64a9c50d265acd7e8 mes5/x86_64/lib64postfix1-2.5.5-4.2mdvmes5.2.x86_64.rpm 1d09a25b69b76b2c013bac182c0e456d mes5/x86_64/postfix-2.5.5-4.2mdvmes5.2.x86_64.rpm 0afe348155bee4af965ec616d86a9219 mes5/x86_64/postfix-ldap-2.5.5-4.2mdvmes5.2.x86_64.rpm db4e476a96f489d957610fb1ff7c6f9e mes5/x86_64/postfix-mysql-2.5.5-4.2mdvmes5.2.x86_64.rpm 6ce0428271de05b3bb2d2e430c3281a3 mes5/x86_64/postfix-pcre-2.5.5-4.2mdvmes5.2.x86_64.rpm 32468daeee58b727ce1c85adcc2b364c mes5/x86_64/postfix-pgsql-2.5.5-4.2mdvmes5.2.x86_64.rpm 8ad3739bcdf5297b2dddfb4e289049d9 mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-2939 The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
CVE-2011-1720 A heap-based read-only buffer overflow allows malicious clients to crash the smtpd server process using a crafted SASL authentication request.
For the oldstable distribution (lenny), this problem has been fixed in version 2.5.5-1.1+lenny1.
For the stable distribution (squeeze), this problem has been fixed in version 2.7.1-1+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 2.8.0-1.
We recommend that you upgrade your postfix packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJNyXybAAoJEL97/wQC1SS+xb0H/igqYhOTtvO91deptOPyednw 5sBQPXGoo+RXeomLsJk8P6ezm7fEGTSl7GUEpNwS1qsqAPVnl9XAK6dOGFae1PbG 2L93eR6AKgKo60tp2On1Tf1c0HcD6yKiZ6J7C7nZ3E8+yZwSd1k6826ZUQ3gzKKW DTIu6w2CzzleK/bppWfhAvwvobHD6X1B16qklZfqw6H0C/QfMjM8ZXLCRv9Tq1TN jX1W4qeed7pr8r3pTJ9npzae7drqFLoVDi0tpGKi0UHEwgRma1AbDaI2BVmeblue YNRHg7H+TqfrUwN8iB64WrYvqnHCQfvViL8f0ML2uJXJf/lHby+vxPl6EGxAIoY= =yCCp -----END PGP SIGNATURE-----
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.3"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.8"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.1"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.7"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.5"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.6"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.4"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.2"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.0"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.9"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.11"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.0"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.1"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.15"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.13"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.1"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.1"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.6"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.12"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.4"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.5"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.5"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.4"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.7"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.11"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.14"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.8"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.0"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.9"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.2"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.0"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.3"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.10"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.6"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.2"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.10"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.8"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.3"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.2"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.7"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cyrus imap",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipswitch",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kerio",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postfix",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qmail tls",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "watchguard",
"version": null
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.3.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.1"
},
{
"_id": null,
"model": "spamdyke",
"scope": "ne",
"trust": 0.3,
"vendor": "spamdyke",
"version": "4.2.1"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.7.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"_id": null,
"model": "imap server",
"scope": "eq",
"trust": 0.3,
"vendor": "cyrus",
"version": "2.4"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.5.4"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux enterprise sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "groupware server 2.2-rc3",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.9"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.01"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.4.9"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.5"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.3"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.5.5"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.1.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3.2"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.2.3"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "pure-ftpd",
"scope": "ne",
"trust": 0.3,
"vendor": "pureftpd",
"version": "1.0.30"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.3"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "20011115"
},
{
"_id": null,
"model": "groupware server -rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2.3"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.11"
},
{
"_id": null,
"model": "java system messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"_id": null,
"model": "mailserver patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.7.01"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.2.2"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.5"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20110"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.5.2"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.6.3"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.3"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.3"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "imail hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.13"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "mailserver patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.23"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "linux enterprise sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "pure-ftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "pureftpd",
"version": "1.0.29"
},
{
"_id": null,
"model": "groupware server 2.1.beta3",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.0"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3.3"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.4.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.3"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "groupware server",
"scope": "ne",
"trust": 0.3,
"vendor": "kolab",
"version": "2.3.2"
},
{
"_id": null,
"model": "inn",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "2.5.3"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.4.8"
},
{
"_id": null,
"model": "spamdyke",
"scope": "eq",
"trust": 0.3,
"vendor": "spamdyke",
"version": "4.2"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "mailserver patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.31"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.1"
},
{
"_id": null,
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"_id": null,
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.1.13"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "19991231"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.4"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.3"
},
{
"_id": null,
"model": "imap server",
"scope": "ne",
"trust": 0.3,
"vendor": "cyrus",
"version": "2.4.7"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.7"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.1"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.3.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "connect build",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.1.42985"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.12"
},
{
"_id": null,
"model": "linux enterprise sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.2"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.4.2"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.1"
},
{
"_id": null,
"model": "groupware server 2.1beta2",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.5"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.6-20080902"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"_id": null,
"model": "linux enterprise sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.2"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "scooffice server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.9"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.20"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.3"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.1"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.2"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.1"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2.2"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.1.3"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.1.12"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.2.4"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.1.11"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.4"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "xcs",
"scope": "eq",
"trust": 0.3,
"vendor": "watchguard",
"version": "9.1"
},
{
"_id": null,
"model": "netqmail",
"scope": "eq",
"trust": 0.3,
"vendor": "qmail smtpd auth",
"version": "0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.4.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.14"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.4.1"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.7"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.0.21"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.0"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2.4"
},
{
"_id": null,
"model": "java system messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.3"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.5"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "groupware server 2.2-rc1",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.10"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.6.5"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "message networking sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.8"
},
{
"_id": null,
"model": "groupware server beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.3"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.10"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.6"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "20010228"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.6.4"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.2"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.1.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.1"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "imail hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.151"
},
{
"_id": null,
"model": "imap server",
"scope": "eq",
"trust": 0.3,
"vendor": "cyrus",
"version": "2.4.6"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.2"
},
{
"_id": null,
"model": "starttls",
"scope": "eq",
"trust": 0.3,
"vendor": "ietf",
"version": "0"
},
{
"_id": null,
"model": "mailserver build",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.17069"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.1"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "messaging storage server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "groupware server beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.5"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.2"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "venema postfix patchlevel",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.5.44"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.6"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.1"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.4"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.7"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.4"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.2.10"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "19990906"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.6"
},
{
"_id": null,
"model": "xcs",
"scope": "eq",
"trust": 0.3,
"vendor": "watchguard",
"version": "9.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"credits": {
"_id": null,
"data": "Wietse Venema",
"sources": [
{
"db": "BID",
"id": "46767"
},
{
"db": "PACKETSTORM",
"id": "99053"
}
],
"trust": 0.4
},
"cve": "CVE-2011-0411",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2011-0411",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-48356",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-0411",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#555316",
"trust": 0.8,
"value": "1.39"
},
{
"author": "CNNVD",
"id": "CNNVD-201103-213",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-48356",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-0411",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"description": {
"_id": null,
"data": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. \nAn attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords. \nThe following vendors are affected:\nIpswitch\nKerio\nPostfix\nQmail-TLS\nOracle (note that the affected application is unknown)\nSCO Group\nspamdyke\nISC. Postfix is \u200b\u200ba mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/ O buffering effect. ==========================================================================\nUbuntu Security Notice USN-1113-1\nApril 18, 2011\n\npostfix vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 9.10\n- Ubuntu 8.04 LTS\n- Ubuntu 6.06 LTS\n\nSummary:\n\nAn attacker could send crafted input to Postfix and cause it to reveal\nconfidential information. \nThis issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)\n\nWietse Venema discovered that Postfix incorrectly handled cleartext\ncommands after TLS is in place. 
(CVE-2011-0411)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.10:\n postfix 2.7.1-1ubuntu0.1\n\nUbuntu 10.04 LTS:\n postfix 2.7.0-1ubuntu0.1\n\nUbuntu 9.10:\n postfix 2.6.5-3ubuntu0.1\n\nUbuntu 8.04 LTS:\n postfix 2.5.1-2ubuntu1.3\n\nUbuntu 6.06 LTS:\n postfix 2.2.10-1ubuntu0.3\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n CVE-2009-2939, CVE-2011-0411\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3\n https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3\n\n\n. \n\nCVE-2011-4130\n\tProFTPD uses a response pool after freeing it under\n\texceptional conditions, possibly leading to remote code\n\texecution. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-33\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Postfix: Multiple vulnerabilities\n Date: June 25, 2012\n Bugs: #358085, #366605\n ID: 201206-33\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been found in Postfix, the worst of which possibly\nallowing remote code execution. \n\nBackground\n==========\n\nPostfix is Wietse Venema\u2019s mailer that attempts to be fast, easy to\nadminister, and secure, as an alternative to the widely-used Sendmail\nprogram. 
\n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 mail-mta/postfix \u003c 2.7.4 \u003e= 2.7.4\n\nDescription\n===========\n\nA vulnerability have been discovered in Postfix. Please review the CVE\nidentifier referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Postfix users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=mail-mta/postfix-2.7.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-0411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411\n[ 2 ] CVE-2011-1720\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-33.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. This is a writeup about a flaw that I found recently, and that\nexisted in multiple implementations of SMTP (Simple Mail Transfer\nProtocol) over TLS (Transport Layer Security) including my Postfix\nopen source mailserver. I give an overview of the problem and its\nimpact, how to find out if a server is affected, fixes, and draw\nlessons about where we can expect similar problems. 
A time line\nis at the end. \n\nFor further reading:\nhttp://www.kb.cert.org/vuls/id/555316 \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411\nhttp://www.postfix.org/CVE-2011-0411.html (extended writeup)\n\n\tWietse\n\nProblem overview and impact\n===========================\n\nThe TLS protocol encrypts communication and protects it against\nmodification by other parties. This protection exists only if a)\nsoftware is free of flaws, and b) clients verify the server\u0027s TLS\ncertificate, so that there can be no \"man in the middle\" (servers\nusually don\u0027t verify client certificates). \n\nThe problem discussed in this writeup is caused by a software flaw. \n\nThe injected commands could be used to steal the victim\u0027s email or\nSASL (Simple Authentication and Security Layer) username and password. \n\nThis is not as big a problem as it may appear to be. The reason\nis that many SMTP client applications don\u0027t verify server TLS\ncertificates. These SMTP clients are always vulnerable to command\ninjection and other attacks. Their TLS sessions are only encrypted\nbut not protected. \n\nA similar plaintext injection flaw may exist in the way SMTP clients\nhandle SMTP-over-TLS server responses, but its impact is less\ninteresting than the server-side flaw. \n\nSMTP is not the only protocol with a mid-session switch from plaintext\nto TLS. Other examples are POP3, IMAP, NNTP and FTP. Implementations\nof these protocols may be affected by the same flaw as discussed here. \n\nDemonstration\n=============\n\nThe problem is easy to demonstrate with a one-line change to the\nOpenSSL s_client command source code (I would prefer scripting, but\nhaving to install Perl CPAN modules and all their dependencies is\nmore work than downloading a .tar.gz file from openssl.org, adding\neight characters to one line, and doing \"./config; make\"). 
\n\nThe OpenSSL s_client command can make a connection to servers that\nsupport straight TLS, SMTP over TLS, or a handful other protocols\nover TLS. The demonstration with SMTP over TLS involves a one-line\nchange in the OpenSSL s_client source code (with OpenSSL 1.0.0, at\nline 1129 of file apps/s_client.c). \n\nOld:\t\tBIO_printf(sbio,\"STARTTLS\\r\\n\");\nNew:\t\tBIO_printf(sbio,\"STARTTLS\\r\\nRSET\\r\\n\");\n\nWith this change, the s_client command sends the plaintext STARTTLS\ncommand (\"let\u0027s turn on TLS\") immediately followed by an RSET command\n(a relatively harmless protocol \"reset\"). Both commands are sent\nas plaintext in the same TCP/IP packet, and arrive together at the\nserver. The \"\\r\\n\" are the carriage-return and newline characters;\nthese are necessary to terminate an SMTP command. \n\nWhen an SMTP server has the plaintext injection flaw, it reads the\nSTARTTLS command first, switches to SMTP-over-TLS mode, and only\nthen the server reads the RSET command. Note, the RSET command was\ntransmitted during the plaintext SMTP phase when there is no\nprotection, but the server reads the command as if it was received\nover the TLS-protected channel. \n\nThus, when the SMTP server has the flaw, the s_client command output\nwill show two \"250\" SMTP server responses instead of one. The first\n\"250\" response is normal, and is present even when the server is\nnot flawed. The second \"250\" response is for the RSET command, and\nindicates that the SMTP server has the plaintext injection flaw. \n\n $ apps/openssl s_client -quiet -starttls smtp -connect server:port\n [some server TLS certificate details omitted]\n 250 some text here \u003c=== Normal response, also with \"good\" server. \n 250 more text here \u003c=== RSET response, only with flawed server. 
\n\nAnatomy of the flaw: it\u0027s all about the plumbing\n================================================\n\nWhether a program may have the plaintext injection flaw depends on\nhow it adjusts the plumbing, as it inserts the TLS protocol layer\nin-between the SMTP protocol layer and the O/S TCP/IP protocol\nlayer. I illustrate this with examples from three open source MTAs:\nPostfix, Sendmail and Exim. The diagram below is best viewed with\na fixed-width font, for example, from the Courier family. \n\n Postfix MTA Sendmail MTA Exim MTA\n before/after before/after before/after\n switch to TLS switch to TLS switch to TLS\n\n SMTP SMTP SMTP SMTP SMTP SMTP \u003c= SMTP layer\n || || || || || ||\n stream stream stream stream\u0027 || ||\n buffers buffers buffers buffers\u0027 rw r\u0027w\u0027 \u003c= stream layer\n rw r\u0027w\u0027 rw r\u0027w\u0027 || ||\n || || || || || ||\n || TLS || TLS || TLS \u003c= TLS layer\n || || || || || ||\n O/S O/S O/S O/S O/S O/S \u003c= TCP/IP layer\n\nAs shown in the diagram, both Postfix and Sendmail use an application-\nlevel stream abstraction, where each stream has properties such as\nread/write buffers, read/write functions (indicated with rw), and\nother properties that are omitted for brevity. \n\nWhen Postfix switches to SMTP over TLS, it replaces the plaintext\nread/write functions (rw) with the TLS read/write functions (r\u0027w\u0027). \nPostfix does not modify any of the other stream properties including\nthe read/write buffers. A patch for qmail that introduces TLS\nsupport uses the same approach. This approach of replacing only\nthe stream read/write functions, but not the buffers or other stream\nproperties, can introduce the plaintext injection flaw. \n\nWhen Sendmail switches to SMTP over TLS, it replaces the entire\nstream, along with its read/write buffers and read/write functions. \nExim, on the other hand, does not seem to have a stream abstraction\nlike Postfix, Sendmail or qmail. 
Instead of replacing streams or\nstream properties, Exim replaces plaintext read/write functions\nwith TLS read/write functions. Because of their program structure,\nSendmail and Exim didn\u0027t suffer from the plaintext injection flaw. \n\nFixing the problem\n==================\n\nThere are two solutions to address the flaw, and both solutions can\nbe used together. \n\n- Report an error when unexpected plaintext is received after the\n STARTTLS command. As documented in RFC 3207, STARTTLS must be\n the last command in a pipelined group. If plaintext commands are\n received after STARTTLS, then that is a protocol violation. \n\n This measure can also be implemented outside the MTA, for example\n in a protocol-aware firewall. \n\n- If a program uses the same input buffer before and after the\n switch to TLS, it should discard the contents of the input buffer,\n just like it discards SMTP protocol information that it received\n during the plaintext protocol phase. \n\nConclusion\n==========\n\nThis plaintext injection problem is likely to recur when some\ndevelopment moves the plaintext-to-ciphertext switch outside the\napplication: for example, into the kernel, into the local hardware,\ninto a proxy, or into other infrastructure. This encourages\napplications to use the same application-level streams and buffers\nand read/write functions before and after the switch to ciphertext. \nWhen this migration happens, plaintext injection becomes once more\na possibility. \n\nTime line\n=========\n\nJan 5 2011: While finishing Postfix for its annual release, I found\nand fixed this flaw in the SMTP server and client implementations,\nwhere it had been sitting ever since TLS support was adopted. \n\nJan 6-10 2011: As we investigated the scope of the problem, Victor\nDuchovni (co-developer) discovered that other implementations were\nalso affected including security providers and security appliances. 
\n\nJan 11 2011: Contact CERT/CC to help coordinate with the problem\u0027s\nresolution. \n\nMar 7 2011: Public announcement, and Postfix legacy release updates. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026amp;products_id=490\n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411\n http://www.postfix.org/CVE-2011-0411.html\n http://www.kb.cert.org/vuls/id/555316\n http://www.securityfocus.com/archive/1/516901/30/0/threaded\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n eb607fe6834ded296aec54851a3bd56c 2009.0/i586/libpostfix1-2.5.5-4.2mdv2009.0.i586.rpm\n 76a18eb7f7627ba5489137eb592d0c8b 2009.0/i586/postfix-2.5.5-4.2mdv2009.0.i586.rpm\n 61c70b9d189f68276601d724e8444d9f 2009.0/i586/postfix-ldap-2.5.5-4.2mdv2009.0.i586.rpm\n 24255918008338487798ea647860484e 2009.0/i586/postfix-mysql-2.5.5-4.2mdv2009.0.i586.rpm\n e4d4db07cb302b3072f78097f84e1b87 2009.0/i586/postfix-pcre-2.5.5-4.2mdv2009.0.i586.rpm\n ebd9879c9c773c3d57375809c696f517 2009.0/i586/postfix-pgsql-2.5.5-4.2mdv2009.0.i586.rpm \n b27d3f6b20b11f71fd54d0f50a8a4b47 2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 73053818f39aba0ee0bece7ab997b07c 2009.0/x86_64/lib64postfix1-2.5.5-4.2mdv2009.0.x86_64.rpm\n c0e3c04bfd70acc0ee09e7413b3a3400 2009.0/x86_64/postfix-2.5.5-4.2mdv2009.0.x86_64.rpm\n 435fe07232bf307882a1589bc1ccca22 2009.0/x86_64/postfix-ldap-2.5.5-4.2mdv2009.0.x86_64.rpm\n 4d1d018487d1c3328cd425d220136a6f 2009.0/x86_64/postfix-mysql-2.5.5-4.2mdv2009.0.x86_64.rpm\n e7bd9b102319bc1ed4cdda27edaf26e2 2009.0/x86_64/postfix-pcre-2.5.5-4.2mdv2009.0.x86_64.rpm\n 7051b04bff45730a0268c5b311361111 
2009.0/x86_64/postfix-pgsql-2.5.5-4.2mdv2009.0.x86_64.rpm \n b27d3f6b20b11f71fd54d0f50a8a4b47 2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n f83a569908244de2e04f13c5e9cbc29a 2010.0/i586/libpostfix1-2.6.5-2.1mdv2010.0.i586.rpm\n b28f60198223458fe7a8b9c92d9901c1 2010.0/i586/postfix-2.6.5-2.1mdv2010.0.i586.rpm\n 1572c433ec62d49970a250050da98ed7 2010.0/i586/postfix-ldap-2.6.5-2.1mdv2010.0.i586.rpm\n 2aeb9f3d82b97e4314b3f8d6500a244a 2010.0/i586/postfix-mysql-2.6.5-2.1mdv2010.0.i586.rpm\n 2d93c886dda73832ee8b96961e0cc316 2010.0/i586/postfix-pcre-2.6.5-2.1mdv2010.0.i586.rpm\n 544853ecd21ca236324418232b59d206 2010.0/i586/postfix-pgsql-2.6.5-2.1mdv2010.0.i586.rpm \n e3748479ec6c93be12808e26e6b0fa55 2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 0282b58fb34ab310a8e66cda1792da37 2010.0/x86_64/lib64postfix1-2.6.5-2.1mdv2010.0.x86_64.rpm\n 644f3b20cfed1b5e57ef53a7ef94898a 2010.0/x86_64/postfix-2.6.5-2.1mdv2010.0.x86_64.rpm\n 16b27a49a3dcae6fa520c3cb24b2f69b 2010.0/x86_64/postfix-ldap-2.6.5-2.1mdv2010.0.x86_64.rpm\n 9e60217b6e8adc9a0e286df835f9d695 2010.0/x86_64/postfix-mysql-2.6.5-2.1mdv2010.0.x86_64.rpm\n 8594b10f400395fff17ffda26e9e3b3d 2010.0/x86_64/postfix-pcre-2.6.5-2.1mdv2010.0.x86_64.rpm\n e63fb8c5794ce971488898af1d537f36 2010.0/x86_64/postfix-pgsql-2.6.5-2.1mdv2010.0.x86_64.rpm \n e3748479ec6c93be12808e26e6b0fa55 2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 19ee5b6c6a18c73ccf1d74e20f89759d 2010.1/i586/libpostfix1-2.7.0-4.1mdv2010.2.i586.rpm\n 7a468df2b451f6972c38faf1f60ad8af 2010.1/i586/postfix-2.7.0-4.1mdv2010.2.i586.rpm\n a814f84c61afd93f3416c69d993afd7a 2010.1/i586/postfix-cdb-2.7.0-4.1mdv2010.2.i586.rpm\n f6f7f9492ab304d28f8aa4bfc653ca1e 2010.1/i586/postfix-ldap-2.7.0-4.1mdv2010.2.i586.rpm\n 8013bafd20881dd85b3be95529be848d 2010.1/i586/postfix-mysql-2.7.0-4.1mdv2010.2.i586.rpm\n 145c8551dc1c51b071d1f3f992f8e638 2010.1/i586/postfix-pcre-2.7.0-4.1mdv2010.2.i586.rpm\n 
8f0d058eda66267085cbe5a7f5133b60 2010.1/i586/postfix-pgsql-2.7.0-4.1mdv2010.2.i586.rpm \n c90d8220b74b39ce44a4b9dfe8876783 2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 0a9207a9e00cce2e656ff248513d5bc3 2010.1/x86_64/lib64postfix1-2.7.0-4.1mdv2010.2.x86_64.rpm\n 3e2cc9ea2bf3d6979d5c6a5b3ec9b54a 2010.1/x86_64/postfix-2.7.0-4.1mdv2010.2.x86_64.rpm\n c8c5efad63b597b3d3a0aec3c5027ffa 2010.1/x86_64/postfix-cdb-2.7.0-4.1mdv2010.2.x86_64.rpm\n 71d9a4095514c72494c4f02d2696b619 2010.1/x86_64/postfix-ldap-2.7.0-4.1mdv2010.2.x86_64.rpm\n 8865fea8796435b2d715bf0d89c4530f 2010.1/x86_64/postfix-mysql-2.7.0-4.1mdv2010.2.x86_64.rpm\n 784960a49889f3fce8a308842321d8e8 2010.1/x86_64/postfix-pcre-2.7.0-4.1mdv2010.2.x86_64.rpm\n dc50ccda7bfb1a1f7f673bc251f14683 2010.1/x86_64/postfix-pgsql-2.7.0-4.1mdv2010.2.x86_64.rpm \n c90d8220b74b39ce44a4b9dfe8876783 2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm\n\n Corporate 4.0:\n 6b7d62433679d20ae3b5cdf2668019e7 corporate/4.0/i586/libpostfix1-2.3.5-0.4.20060mlcs4.i586.rpm\n c5d4cbc67d00e0ea8b32c6598d6d65f0 corporate/4.0/i586/postfix-2.3.5-0.4.20060mlcs4.i586.rpm\n 287daadea040f15c1e25a6de77a438b2 corporate/4.0/i586/postfix-ldap-2.3.5-0.4.20060mlcs4.i586.rpm\n aac87a567ae68c48d4e8226429b35697 corporate/4.0/i586/postfix-mysql-2.3.5-0.4.20060mlcs4.i586.rpm\n c331a8061b0c5a6639c633d608e37871 corporate/4.0/i586/postfix-pcre-2.3.5-0.4.20060mlcs4.i586.rpm\n 25ce650233120a54e830c120f773f715 corporate/4.0/i586/postfix-pgsql-2.3.5-0.4.20060mlcs4.i586.rpm \n f2f060fddbb666572eca06ae47e36a3a corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 45b683c80b3006c3df5144bfe0fede86 corporate/4.0/x86_64/lib64postfix1-2.3.5-0.4.20060mlcs4.x86_64.rpm\n fc82cfcdbf89c059b6850edfa049128f corporate/4.0/x86_64/postfix-2.3.5-0.4.20060mlcs4.x86_64.rpm\n 7057754d88c8146d235d3ab96fd64d2f corporate/4.0/x86_64/postfix-ldap-2.3.5-0.4.20060mlcs4.x86_64.rpm\n 872c28155eb6276ba0fd1001387ffac7 
corporate/4.0/x86_64/postfix-mysql-2.3.5-0.4.20060mlcs4.x86_64.rpm\n 644747748d18077fc63aa740c2947768 corporate/4.0/x86_64/postfix-pcre-2.3.5-0.4.20060mlcs4.x86_64.rpm\n 19b2a209beade7e6e25de6d0f3cb4b6d corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.4.20060mlcs4.x86_64.rpm \n f2f060fddbb666572eca06ae47e36a3a corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n 9c50578bd954be2ea42e6f3f3131cc9c mes5/i586/libpostfix1-2.5.5-4.2mdvmes5.2.i586.rpm\n bca22f9be6e6bef4e02f2ffb4623d2e3 mes5/i586/postfix-2.5.5-4.2mdvmes5.2.i586.rpm\n 45cfa7336d29cddca1ac07270d2b8287 mes5/i586/postfix-ldap-2.5.5-4.2mdvmes5.2.i586.rpm\n 87d4b942fefedc239a213b3ce5715cf0 mes5/i586/postfix-mysql-2.5.5-4.2mdvmes5.2.i586.rpm\n b3caf9572b69e757b9697139bb0ed5d8 mes5/i586/postfix-pcre-2.5.5-4.2mdvmes5.2.i586.rpm\n bde845f9957e2ead0e398c5bebef6f79 mes5/i586/postfix-pgsql-2.5.5-4.2mdvmes5.2.i586.rpm \n 8ad3739bcdf5297b2dddfb4e289049d9 mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n d920df80c9fdbcb64a9c50d265acd7e8 mes5/x86_64/lib64postfix1-2.5.5-4.2mdvmes5.2.x86_64.rpm\n 1d09a25b69b76b2c013bac182c0e456d mes5/x86_64/postfix-2.5.5-4.2mdvmes5.2.x86_64.rpm\n 0afe348155bee4af965ec616d86a9219 mes5/x86_64/postfix-ldap-2.5.5-4.2mdvmes5.2.x86_64.rpm\n db4e476a96f489d957610fb1ff7c6f9e mes5/x86_64/postfix-mysql-2.5.5-4.2mdvmes5.2.x86_64.rpm\n 6ce0428271de05b3bb2d2e430c3281a3 mes5/x86_64/postfix-pcre-2.5.5-4.2mdvmes5.2.x86_64.rpm\n 32468daeee58b727ce1c85adcc2b364c mes5/x86_64/postfix-pgsql-2.5.5-4.2mdvmes5.2.x86_64.rpm \n 8ad3739bcdf5297b2dddfb4e289049d9 mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. 
The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-2939\n The postinst script grants the postfix user write access to\n /var/spool/postfix/pid, which might allow local users to\n conduct symlink attacks that overwrite arbitrary files. \n\nCVE-2011-1720\n A heap-based read-only buffer overflow allows malicious\n clients to crash the smtpd server process using a crafted SASL\n authentication request. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.5.5-1.1+lenny1. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-1+squeeze1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0-1. \n\nWe recommend that you upgrade your postfix packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niQEcBAEBAgAGBQJNyXybAAoJEL97/wQC1SS+xb0H/igqYhOTtvO91deptOPyednw\n5sBQPXGoo+RXeomLsJk8P6ezm7fEGTSl7GUEpNwS1qsqAPVnl9XAK6dOGFae1PbG\n2L93eR6AKgKo60tp2On1Tf1c0HcD6yKiZ6J7C7nZ3E8+yZwSd1k6826ZUQ3gzKKW\nDTIu6w2CzzleK/bppWfhAvwvobHD6X1B16qklZfqw6H0C/QfMjM8ZXLCRv9Tq1TN\njX1W4qeed7pr8r3pTJ9npzae7drqFLoVDi0tpGKi0UHEwgRma1AbDaI2BVmeblue\nYNRHg7H+TqfrUwN8iB64WrYvqnHCQfvViL8f0ML2uJXJf/lHby+vxPl6EGxAIoY=\n=yCCp\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0411"
},
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99457"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "99053"
},
{
"db": "PACKETSTORM",
"id": "99392"
},
{
"db": "PACKETSTORM",
"id": "101275"
}
],
"trust": 2.7
},
"external_ids": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#555316",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2011-0411",
"trust": 2.8
},
{
"db": "BID",
"id": "46767",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "43646",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "43874",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0891",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0752",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0611",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "71021",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1025179",
"trust": 1.8
},
{
"db": "JUNIPER",
"id": "JSA10705",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/08/10/2",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "99457",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "114177",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "99392",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "107027",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "99053",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-48356",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-0411",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100558",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101275",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99457"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "99053"
},
{
"db": "PACKETSTORM",
"id": "99392"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"id": "VAR-201103-0114",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-48356"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T23:24:36.765000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Postfix STARTTLS Achieve repair measures for plaintext command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159437"
},
{
"title": "Debian CVElist Bug Report Logs: postfix STARTTLS affected by CVE-2011-0411",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=74282b8fe400ed6ddbb6171a1052e2fd"
},
{
"title": "Debian CVElist Bug Report Logs: [CVE-2011-4130] Use-after-free issue",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f7453f9ff437afb706c192fb10d67eb2"
},
{
"title": "Debian CVElist Bug Report Logs: inn: CVE-2012-3523 prone to STARTTLS plaintext command injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a774850c70017348487727b907fda84b"
},
{
"title": "Debian CVElist Bug Report Logs: courier: CVE-2021-38084",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9dc8ffd76b724b58108eb46bc913121c"
},
{
"title": "Debian CVElist Bug Report Logs: STARTTLS plaintext command injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b03b4eab65949f1c915b1538f80e6a4b"
},
{
"title": "Ubuntu Security Notice: postfix vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1113-1"
},
{
"title": "Debian Security Advisories: DSA-2346-2 proftpd-dfsg -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a1db5959643fcc6f1957a67359aa92ed"
},
{
"title": "Debian Security Advisories: DSA-2233-1 postfix -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=96aadd3bb66ec0adb18615b395c09544"
},
{
"title": "Vision",
"trust": 0.1,
"url": "https://github.com/CoolerVoid/Vision "
},
{
"title": "Vision2",
"trust": 0.1,
"url": "https://github.com/CoolerVoid/Vision2 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-264",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"trust": 2.4,
"url": "http://www.postfix.org/cve-2011-0411.html"
},
{
"trust": 2.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"trust": 1.9,
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/46767"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht5002"
},
{
"trust": 1.8,
"url": "http://www.kb.cert.org/vuls/id/moro-8elh6z"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056560.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056559.html"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/71021"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0422.html"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0423.html"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1025179"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/43646"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/43874"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"trust": 1.7,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10705"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc2595"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc3207"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc4642"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"trust": 0.8,
"url": "http://www.watchguard.com/archive/softwarecenter.asp"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0411"
},
{
"trust": 0.3,
"url": "http://kolab.org/pipermail/kolab-announce/2011/000101.html"
},
{
"trust": 0.3,
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424"
},
{
"trust": 0.3,
"url": "http://cyrusimap.org/mediawiki/index.php/bugs_resolved_in_2.4.7"
},
{
"trust": 0.3,
"url": "https://www.isc.org/software/inn/2.5.3article"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/mapg-8d9m4p"
},
{
"trust": 0.3,
"url": "http://files.kolab.org/server/release/kolab-server-2.3.2/sources/release-notes.txt"
},
{
"trust": 0.3,
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
},
{
"trust": 0.3,
"url": "http://www.watchguard.com/support/release-notes/xcs/9/en-us/en_releasenotes_xcs_9_1_1/en_releasenotes_wg_xcs_9_1_tls_hotfix.pdf"
},
{
"trust": 0.3,
"url": "http://www.spamdyke.org/documentation/changelog.txt"
},
{
"trust": 0.3,
"url": "http://datatracker.ietf.org/doc/draft-josefsson-kerberos5-starttls/?include_text=1"
},
{
"trust": 0.3,
"url": "/archive/1/516901"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100134676"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100141041"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850478"
},
{
"trust": 0.3,
"url": "http://inoa.net/qmail-tls/vu555316.patch"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2939"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.2,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1720"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0411"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10705"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617849"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1113-1/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4130"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1720"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0411"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/archive/1/516901/30/0/threaded"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99457"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "99053"
},
{
"db": "PACKETSTORM",
"id": "99392"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#555316",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-48356",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2011-0411",
"ident": null
},
{
"db": "BID",
"id": "46767",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "100558",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "107027",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "99457",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "114177",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "99053",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "99392",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "101275",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2011-0411",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2011-03-07T00:00:00",
"db": "CERT/CC",
"id": "VU#555316",
"ident": null
},
{
"date": "2011-03-16T00:00:00",
"db": "VULHUB",
"id": "VHN-48356",
"ident": null
},
{
"date": "2011-03-16T00:00:00",
"db": "VULMON",
"id": "CVE-2011-0411",
"ident": null
},
{
"date": "2011-03-07T00:00:00",
"db": "BID",
"id": "46767",
"ident": null
},
{
"date": "2011-04-18T22:40:46",
"db": "PACKETSTORM",
"id": "100558",
"ident": null
},
{
"date": "2011-11-16T04:40:08",
"db": "PACKETSTORM",
"id": "107027",
"ident": null
},
{
"date": "2011-03-18T21:45:06",
"db": "PACKETSTORM",
"id": "99457",
"ident": null
},
{
"date": "2012-06-25T22:58:41",
"db": "PACKETSTORM",
"id": "114177",
"ident": null
},
{
"date": "2011-03-07T19:44:44",
"db": "PACKETSTORM",
"id": "99053",
"ident": null
},
{
"date": "2011-03-16T21:26:42",
"db": "PACKETSTORM",
"id": "99392",
"ident": null
},
{
"date": "2011-05-10T18:42:48",
"db": "PACKETSTORM",
"id": "101275",
"ident": null
},
{
"date": "2011-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-213",
"ident": null
},
{
"date": "2011-03-16T22:55:02.717000",
"db": "NVD",
"id": "CVE-2011-0411",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2011-09-08T00:00:00",
"db": "CERT/CC",
"id": "VU#555316",
"ident": null
},
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-48356",
"ident": null
},
{
"date": "2021-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2011-0411",
"ident": null
},
{
"date": "2015-04-13T21:35:00",
"db": "BID",
"id": "46767",
"ident": null
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-213",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-0411",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
],
"trust": 0.8
},
"title": {
"_id": null,
"data": "STARTTLS plaintext command injection vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.