Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2011-0411 (GCVE-0-2011-0411)
Vulnerability from cvelistv5 – Published: 2011-03-16 22:00 – Updated: 2024-08-06 21:51
VLAI?
EPSS
Summary
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "multiple-starttls-command-execution(65932)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "43646",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43646"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "71021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/71021"
},
{
"name": "ADV-2011-0752",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"name": "ADV-2011-0891",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"name": "GLSA-201206-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "FEDORA-2011-3355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"name": "43874",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43874"
},
{
"name": "FEDORA-2011-3394",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0611",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"name": "46767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "RHSA-2011:0423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"name": "VU#555316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "1025179",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025179"
},
{
"name": "RHSA-2011:0422",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "[oss-security] 20210810 STARTTLS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T11:07:06",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "multiple-starttls-command-execution(65932)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "43646",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43646"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "71021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/71021"
},
{
"name": "ADV-2011-0752",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"name": "ADV-2011-0891",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"name": "GLSA-201206-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "FEDORA-2011-3355",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"name": "43874",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43874"
},
{
"name": "FEDORA-2011-3394",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0611",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"name": "46767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "RHSA-2011:0423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"name": "VU#555316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "1025179",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025179"
},
{
"name": "RHSA-2011:0422",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "[oss-security] 20210810 STARTTLS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "multiple-starttls-command-execution(65932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"name": "http://www.postfix.org/CVE-2011-0411.html",
"refsource": "CONFIRM",
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "43646",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43646"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "71021",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71021"
},
{
"name": "ADV-2011-0752",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"name": "ADV-2011-0891",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"name": "GLSA-201206-33",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "FEDORA-2011-3355",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"name": "43874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43874"
},
{
"name": "FEDORA-2011-3394",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0611",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"name": "46767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "RHSA-2011:0423",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"name": "VU#555316",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "1025179",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025179"
},
{
"name": "RHSA-2011:0422",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "[oss-security] 20210810 STARTTLS vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-0411",
"datePublished": "2011-03-16T22:00:00",
"dateReserved": "2011-01-11T00:00:00",
"dateUpdated": "2024-08-06T21:51:08.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2011-0411\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2011-03-16T22:55:02.717\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \\\"plaintext command injection\\\" attack.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n de STARTTLS de Postfix 2.4.x anteriores a 2.4.16, 2.5.x anteriores a 2.5.12, 2.6.x anteriores a 2.6.9, y 2.7.x anteriores a 2.7.3 no restringe apropiadamente el buffering de I/O, lo que permite a atacantes man-in-the-middle insertar comandos en sesiones SMTP encriptadas enviando un comando en texto claro que es procesado despu\u00e9s de que TLS es iniciado. Relacionado con un ataque de \\\"inyecci\u00f3n de comandos de texto en claro\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"998D1069-1CF5-42C5-8668-49D72E2D2F17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2138A68-3F3D-4C7E-9FEB-2C8A445F2789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED5E0EB5-ECC6-4573-9EA7-83E5741DA3CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790C02A8-95DD-42BE-8A1C-1C6D6DDCC443\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0034F2-585D-4A98-8428-996A726712DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B162B5-DEF5-46AD-87D1-734B3B637D46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DF3730A-0FFD-4C23-B758-BBA67CC9CD92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10E8E5E2-5674-40D5-AD86-8C4DDB442EE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"690EDC73-47B5-4891-86A5-37B6ED80E145\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B751BA4B-B7C8-4A87-A03C-5C91678FC832\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08943D31-2139-45D3-A0DB-0C11C31875CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"591FB74F-BD86-4314-A359-739A245D2642\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F2EF7B2-943F-4DFA-8249-7FC0F9FB0312\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B3AFC1E-01FF-4F91-8C82-5C16378812C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95E552B8-8B26-4DEE-BC6A-BC0B01C42474\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66E26194-A7E6-4A99-8F55-7422A7E9BAB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58097735-FE3B-48B7-B5EA-3CD530E16031\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA31260C-1C67-4E76-9F56-2359BFA0B197\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F1FC50-B6EB-48FD-A2FA-B8BEB05719DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1DE90BD-B5F9-4762-B086-130AB04F3CB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCD5258B-C9DE-47BD-9172-27618F220201\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC95B8DD-C8C6-4FC4-81A5-23D7669DA22A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"894002C8-F3C1-4241-96FE-C088BBD0FCED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C91BA7D1-2A5B-4721-8E13-6520D6F0114B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBE79FBB-801F-4B1E-8FB8-CB2A1FAF6EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253DB571-62B7-4015-A758-9DE55AAB8B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7AF9D8C-B11C-4681-84CE-5C86926C85F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"955FBDF4-5103-4B19-A5F1-9468F73C7A54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AAC0FF5-9699-4011-8C07-5DDAF13B64A4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D1E6461-2F2A-49C5-9B2B-08DE418F2F7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5B3F710-13EF-4A36-B191-E0FCC1D98E23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFB5988E-D04B-43B9-A980-82FD44D1D198\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12A1021E-587D-47D3-80E8-43D9CCB4BD72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAC9B923-222D-4F7F-970C-0B9ADF4E86F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D31B75AE-FF82-4B70-BDEC-4B0FA791A085\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C148A9D5-8899-4956-BE45-C4DBD4A2BE08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"558A2B97-6582-445F-991C-4DD530E991DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56509587-6CE6-4497-B571-0A014E1FE064\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B24CEB4-4F57-46CB-990B-AB664CEC96EE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5044BFB-4F00-4FFC-9A66-2FDC666B6C2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"827897F6-2A24-45EC-A072-8C02BA726069\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postfix:postfix:2.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A3CFD6A-86E2-4E7B-BAC2-3163FC7DBF17\"}]}]}],\"references\":[{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\",\"source\":\"cret@cert.org\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/43646\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/43874\",\"source\":\"cret@cert.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201206-33.xml\",\"source\":\"cret@cert.org\"},{\"url\":\"http://securitytracker.com/id?1025179\",\"source\":\"cret@cert.org\"},{\"url\":\"http://support.apple.com/kb/HT5002\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2233\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/555316\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/MORO-8ELH6Z\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/08/10/2\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.osvdb.org/71021\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.postfix.org/CVE-2011-0411.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0422.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0423.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securityfocus.com/bid/46767\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0611\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0752\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0891\",\"source\":\"cret@cert.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65932\",\"source\":\"cret@cert.org\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43646\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/43874\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201206-33.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1025179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT5002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/555316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/MORO-8ELH6Z\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/08/10/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/71021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.postfix.org/CVE-2011-0411.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0422.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0423.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/46767\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0611\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0752\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0891\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTA-2011-AVI-239
Vulnerability from certfr_avis - Published: 2011-04-20 - Updated: 2011-04-20
De multiples vulnérabilités présentes dans les produits Oracle Sun ont été corrigées.
Description
De multiples vulnérabilités présentes dans les produits Oracle Sun ont été corrigées. Les détails de ces vulnérabilités n'ont pas été divulgués mais l'une d'entre elles à un niveau de criticité maximal dans l'échelle de l'éditeur (10).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | N/A | Oracle iplanet Web Server (Sun Java System Web Server) versions 6.1, 7.0; | ||
| Oracle | N/A | Oracle Sun Glassfish Enterprise Server, Oracle Sun Java System Application Server versions 2.1, 2.11, 3.0.1, 9.1; | ||
| Oracle | N/A | Oracle Java Dynamic Management Kit cersion 5.1; | ||
| Oracle | N/A | Oracle Sun Solaris versions 8, 9, 10, 11 Express; | ||
| Oracle | N/A | Oracle Sun Java System Messaging Server versions 6.3, 7.0; | ||
| Oracle | N/A | Oracle Sun Java System Access Manager Policy Agent version 2.2; | ||
| Oracle | N/A | Oracle Open SSO Enterprise, Sun Java system Access Manager versions 7.1, 8.0. |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle iplanet Web Server (Sun Java System Web Server) versions 6.1, 7.0;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Sun Glassfish Enterprise Server, Oracle Sun Java System Application Server versions 2.1, 2.11, 3.0.1, 9.1;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java Dynamic Management Kit cersion 5.1;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Sun Solaris versions 8, 9, 10, 11 Express;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Sun Java System Messaging Server versions 6.3, 7.0;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Sun Java System Access Manager Policy Agent version 2.2;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Open SSO Enterprise, Sun Java system Access Manager versions 7.1, 8.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle Sun ont\n\u00e9t\u00e9 corrig\u00e9es. Les d\u00e9tails de ces vuln\u00e9rabilit\u00e9s n\u0027ont pas \u00e9t\u00e9 divulgu\u00e9s\nmais l\u0027une d\u0027entre elles \u00e0 un niveau de criticit\u00e9 maximal dans l\u0027\u00e9chelle\nde l\u0027\u00e9diteur (10).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-4476",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
},
{
"name": "CVE-2011-0820",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0820"
},
{
"name": "CVE-2011-0790",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0790"
},
{
"name": "CVE-2011-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0839"
},
{
"name": "CVE-2011-0821",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0821"
},
{
"name": "CVE-2011-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0801"
},
{
"name": "CVE-2011-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0800"
},
{
"name": "CVE-2011-0813",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0813"
},
{
"name": "CVE-2011-0807",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0807"
},
{
"name": "CVE-2011-0829",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0829"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2011-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0841"
},
{
"name": "CVE-2011-0844",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0844"
},
{
"name": "CVE-2011-0849",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0849"
},
{
"name": "CVE-2011-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0847"
},
{
"name": "CVE-2011-0846",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0846"
},
{
"name": "CVE-2011-0812",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0812"
}
],
"initial_release_date": "2011-04-20T00:00:00",
"last_revision_date": "2011-04-20T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-239",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle Sun ont\n\u00e9t\u00e9 corrig\u00e9es.\n",
"title": "Multiples Vuln\u00e9rabilit\u00e9s dans les produits Oracle Sun",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle d\u0027avril 2011",
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2011-301950.html"
}
]
}
CERTA-2011-AVI-177
Vulnerability from certfr_avis - Published: 2011-03-30 - Updated: 2011-03-30
Une vulnérabilité dans Pure-FTPd permet à une personne malintentionnée de porter atteinte à l'intégrité des données.
Description
Une vulnérabilité dans la gestion des connexions sécurisées au moyen de la commande STARTTLS permet à une personne malintentionnée de porter atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Pure-FTPd versions antérieures à la 1.0.30
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003ePure-FTPd versions ant\u00e9rieures \u00e0 la 1.0.30\u003c/P\u003e",
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans la gestion des connexions s\u00e9curis\u00e9es au moyen de\nla commande STARTTLS permet \u00e0 une personne malintentionn\u00e9e de porter\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
}
],
"initial_release_date": "2011-03-30T00:00:00",
"last_revision_date": "2011-03-30T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-177",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-03-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans Pure-FTPd permet \u00e0 une personne malintentionn\u00e9e\nde porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Pure-FTPd",
"vendor_advisories": [
{
"published_at": null,
"title": "Note de nouvelle version Pure-FTPd 1.0.30",
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
}
]
}
CERTFR-2015-AVI-431
Vulnerability from certfr_avis - Published: 2015-10-15 - Updated: 2015-10-15
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QFabric 3100 Director versions 12.x",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ScreenOS",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CTPView 7.0R3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Juniper Junos OS",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-2905",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
},
{
"name": "CVE-2011-2483",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2483"
},
{
"name": "CVE-2013-1667",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1667"
},
{
"name": "CVE-2012-3417",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3417"
},
{
"name": "CVE-2014-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
},
{
"name": "CVE-2015-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
},
{
"name": "CVE-2014-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
},
{
"name": "CVE-2014-8867",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8867"
},
{
"name": "CVE-2015-1793",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1793"
},
{
"name": "CVE-2015-1791",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
},
{
"name": "CVE-2009-3490",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3490"
},
{
"name": "CVE-2012-0866",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0866"
},
{
"name": "CVE-2010-3433",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3433"
},
{
"name": "CVE-2012-5526",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5526"
},
{
"name": "CVE-2010-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1447"
},
{
"name": "CVE-2014-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
},
{
"name": "CVE-2009-0115",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
},
{
"name": "CVE-2007-6067",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6067"
},
{
"name": "CVE-2010-0826",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0826"
},
{
"name": "CVE-2014-8159",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8159"
},
{
"name": "CVE-2010-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
},
{
"name": "CVE-2013-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4242"
},
{
"name": "CVE-2015-1158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2010-4352",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4352"
},
{
"name": "CVE-2015-7749",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7749"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2010-1168",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1168"
},
{
"name": "CVE-2009-1189",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
},
{
"name": "CVE-2014-6450",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6450"
},
{
"name": "CVE-2015-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
},
{
"name": "CVE-2008-2937",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2937"
},
{
"name": "CVE-2012-2697",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2697"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2011-1081",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1081"
},
{
"name": "CVE-2009-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
},
{
"name": "CVE-2012-3488",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3488"
},
{
"name": "CVE-2015-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5361"
},
{
"name": "CVE-2013-6435",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6435"
},
{
"name": "CVE-2010-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
},
{
"name": "CVE-2012-5195",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
},
{
"name": "CVE-2015-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
},
{
"name": "CVE-2014-6449",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6449"
},
{
"name": "CVE-2015-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
},
{
"name": "CVE-2014-6451",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6451"
},
{
"name": "CVE-2012-6329",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6329"
},
{
"name": "CVE-2014-4345",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4345"
},
{
"name": "CVE-2008-5302",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
},
{
"name": "CVE-2013-6629",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6629"
},
{
"name": "CVE-2014-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2285"
},
{
"name": "CVE-2013-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4449"
},
{
"name": "CVE-2012-0868",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0868"
},
{
"name": "CVE-2007-4476",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4476"
},
{
"name": "CVE-2010-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2015-7752",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7752"
},
{
"name": "CVE-2010-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
},
{
"name": "CVE-2014-0064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
},
{
"name": "CVE-2014-0065",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
},
{
"name": "CVE-2007-4772",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4772"
},
{
"name": "CVE-2013-0292",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0292"
},
{
"name": "CVE-2012-6151",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
},
{
"name": "CVE-2008-5303",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
},
{
"name": "CVE-2015-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
},
{
"name": "CVE-2011-2200",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2200"
},
{
"name": "CVE-2015-7748",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7748"
},
{
"name": "CVE-2015-7750",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7750"
},
{
"name": "CVE-2015-7751",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7751"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2008-3834",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3834"
},
{
"name": "CVE-2010-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0624"
},
{
"name": "CVE-2014-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
},
{
"name": "CVE-2011-1025",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1025"
},
{
"name": "CVE-2014-6448",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6448"
},
{
"name": "CVE-2011-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
},
{
"name": "CVE-2010-0212",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
},
{
"name": "CVE-2009-1185",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1185"
},
{
"name": "CVE-2009-4901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
},
{
"name": "CVE-2010-1172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1172"
},
{
"name": "CVE-2010-4530",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4530"
},
{
"name": "CVE-2011-1024",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1024"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2014-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
},
{
"name": "CVE-1999-0524",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0524"
},
{
"name": "CVE-2010-4015",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4015"
},
{
"name": "CVE-2011-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0002"
},
{
"name": "CVE-2009-1574",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
},
{
"name": "CVE-2009-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3736"
},
{
"name": "CVE-2015-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
},
{
"name": "CVE-2012-2143",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2143"
},
{
"name": "CVE-2014-0066",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
},
{
"name": "CVE-2010-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
}
],
"initial_release_date": "2015-10-15T00:00:00",
"last_revision_date": "2015-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-431",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10694 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10700 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10700\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10703 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10703\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10708 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10708\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10705 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10706 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10706\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10695 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10699 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10699\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10697 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10697\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10707 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10707\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10702 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10704 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10704\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10696 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10696\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10701 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10701\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTA-2011-AVI-564
Vulnerability from certfr_avis - Published: 2011-10-13 - Updated: 2011-10-13
Plusieurs vulnérabilités présentes dans Mac OS X ont été corrigées.
Description
De multiples vulnérabilités découvertes dans Mac OS X permettent à une personne malveillante d'exécuter du code arbitraire à distance avec potentiellement des privilèges élevés, de provoquer un déni de service, de contourner la politique de sécurité du système, de porter atteinte à la confidentialité et à l'intégrité des données ou encore de réaliser une injection de code indirecte.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mac OS X v10.6.8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Lion Server v10.7 et v10.7.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Server v10.7 et v10.7.1.",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Server v10.6.8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans Mac OS X permettent \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance avec\npotentiellement des privil\u00e8ges \u00e9lev\u00e9s, de provoquer un d\u00e9ni de service,\nde contourner la politique de s\u00e9curit\u00e9 du syst\u00e8me, de porter atteinte \u00e0\nla confidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es ou encore de r\u00e9aliser\nune injection de code indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-3216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3216"
},
{
"name": "CVE-2011-3436",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3436"
},
{
"name": "CVE-2010-1634",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1634"
},
{
"name": "CVE-2011-3214",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3214"
},
{
"name": "CVE-2011-0187",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0187"
},
{
"name": "CVE-2011-3192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
},
{
"name": "CVE-2011-3228",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3228"
},
{
"name": "CVE-2011-0421",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
},
{
"name": "CVE-2011-0259",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0259"
},
{
"name": "CVE-2011-3221",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3221"
},
{
"name": "CVE-2010-4172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4172"
},
{
"name": "CVE-2011-3217",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3217"
},
{
"name": "CVE-2011-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3219"
},
{
"name": "CVE-2011-0534",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0534"
},
{
"name": "CVE-2011-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0230"
},
{
"name": "CVE-2011-0229",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0229"
},
{
"name": "CVE-2011-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1471"
},
{
"name": "CVE-2011-3222",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3222"
},
{
"name": "CVE-2011-1466",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1466"
},
{
"name": "CVE-2011-0226",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0226"
},
{
"name": "CVE-2011-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0013"
},
{
"name": "CVE-2011-0231",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0231"
},
{
"name": "CVE-2011-3213",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3213"
},
{
"name": "CVE-2009-4022",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4022"
},
{
"name": "CVE-2011-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
},
{
"name": "CVE-2011-3218",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3218"
},
{
"name": "CVE-2011-2692",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2692"
},
{
"name": "CVE-2010-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4645"
},
{
"name": "CVE-2011-0249",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0249"
},
{
"name": "CVE-2011-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3212"
},
{
"name": "CVE-2011-0250",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0250"
},
{
"name": "CVE-2011-1092",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1092"
},
{
"name": "CVE-2011-3227",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3227"
},
{
"name": "CVE-2011-1469",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1469"
},
{
"name": "CVE-2010-2227",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2227"
},
{
"name": "CVE-2011-1910",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1910"
},
{
"name": "CVE-2011-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3220"
},
{
"name": "CVE-2011-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
},
{
"name": "CVE-2010-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3614"
},
{
"name": "CVE-2011-3224",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3224"
},
{
"name": "CVE-2011-3226",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3226"
},
{
"name": "CVE-2011-0260",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0260"
},
{
"name": "CVE-2011-2690",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2690"
},
{
"name": "CVE-2011-3215",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3215"
},
{
"name": "CVE-2010-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3613"
},
{
"name": "CVE-2011-1521",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1521"
},
{
"name": "CVE-2011-1467",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1467"
},
{
"name": "CVE-2011-1755",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1755"
},
{
"name": "CVE-2011-3246",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3246"
},
{
"name": "CVE-2011-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3435"
},
{
"name": "CVE-2011-2691",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2691"
},
{
"name": "CVE-2011-3437",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3437"
},
{
"name": "CVE-2011-0251",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0251"
},
{
"name": "CVE-2011-1470",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1470"
},
{
"name": "CVE-2011-3225",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3225"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2010-3718",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3718"
},
{
"name": "CVE-2011-2464",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2464"
},
{
"name": "CVE-2010-3436",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3436"
},
{
"name": "CVE-2010-0097",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0097"
},
{
"name": "CVE-2011-0707",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0707"
},
{
"name": "CVE-2011-0252",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0252"
},
{
"name": "CVE-2011-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0224"
},
{
"name": "CVE-2010-2089",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2089"
},
{
"name": "CVE-2011-0420",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0420"
},
{
"name": "CVE-2010-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1157"
},
{
"name": "CVE-2011-0419",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
},
{
"name": "CVE-2011-1468",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1468"
},
{
"name": "CVE-2011-3223",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3223"
},
{
"name": "CVE-2011-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0185"
}
],
"initial_release_date": "2011-10-13T00:00:00",
"last_revision_date": "2011-10-13T00:00:00",
"links": [
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-3436 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3436"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0708 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0708"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1467 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1467"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1910 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1910"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3217 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3217"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1153 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1153"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3220 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3220"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-3614 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3614"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0420 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0420"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0411 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0411"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0224 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0224"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-3613 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3613"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3225 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3225"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0249 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0249"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3227 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3227"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1521 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1521"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0185 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0185"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0252 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0252"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0226 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0226"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-4645 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-4645"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3213 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3213"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3221 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3221"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1471 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1471"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3435 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3435"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3218 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3218"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0013 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0013"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-1634 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-1634"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0250 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0250"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3224 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3224"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0259 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0259"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-2690 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2690"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3226 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3226"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3216 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3216"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3212 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3212"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-2089 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-2089"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-3718 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3718"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0260 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0260"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3214 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3214"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-1157 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-1157"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0707 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0707"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3223 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3223"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3246 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3246"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-2227 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-2227"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-4172 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-4172"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3436 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3436"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-2691 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2691"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3437 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3437"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2009-4022 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2009-4022"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0187 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0187"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3192 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3192"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1755 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1755"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2010-0097 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-0097"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0419 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0419"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1466 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1466"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0421 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0421"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0251 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0251"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3219 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3219"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0229 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0229"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3222 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3222"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0534 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0534"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3228 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3228"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-3215 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3215"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1092 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1092"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0230 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0230"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1470 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1470"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-0231 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0231"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-2692 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2692"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1468 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1468"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-2464 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2464"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2011-1469 :",
"url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1469"
}
],
"reference": "CERTA-2011-AVI-564",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Mac OS X ont \u00e9t\u00e9 corrig\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT5002 du 12 octobre 2011",
"url": "http://docs.info.apple.com/article.html?artnum=HT5002"
}
]
}
CERTA-2011-AVI-146
Vulnerability from certfr_avis - Published: 2011-03-10 - Updated: 2011-03-10
Une vulnérabilité dans la gestion du protocole TLS permet à un attaquant d'insérer des commandes dans les communications SMTP d'une victime.
Description
Il est possible à un attaquant en position d'interception (man in the middle) d'insérer des commandes SMTP lorsqu'un client souhaite utiliser une connexion sécurisée au moyen de la commande STARTTLS, qui est un message transmis en clair. Ces commandes sont alors interprétées par le serveur dans le contexte d'une connexion sécurisée.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Postfix | Postfix | Postfix versions 2.5.x strictement inférieures à 2.5.12 ; | ||
| Postfix | Postfix | Postfix versions 2.6.x strictement inférieures à 2.6.9 ; | ||
| Postfix | Postfix | Postfix versions 2.7.x strictement inférieures à 2.7.3 ; | ||
| Postfix | Postfix | Postfix versions 2.4.x strictement inférieures à 2.4.16. |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Postfix versions 2.5.x strictement inf\u00e9rieures \u00e0 2.5.12 ;",
"product": {
"name": "Postfix",
"vendor": {
"name": "Postfix",
"scada": false
}
}
},
{
"description": "Postfix versions 2.6.x strictement inf\u00e9rieures \u00e0 2.6.9 ;",
"product": {
"name": "Postfix",
"vendor": {
"name": "Postfix",
"scada": false
}
}
},
{
"description": "Postfix versions 2.7.x strictement inf\u00e9rieures \u00e0 2.7.3 ;",
"product": {
"name": "Postfix",
"vendor": {
"name": "Postfix",
"scada": false
}
}
},
{
"description": "Postfix versions 2.4.x strictement inf\u00e9rieures \u00e0 2.4.16.",
"product": {
"name": "Postfix",
"vendor": {
"name": "Postfix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nIl est possible \u00e0 un attaquant en position d\u0027interception (man in the\nmiddle) d\u0027ins\u00e9rer des commandes SMTP lorsqu\u0027un client souhaite utiliser\nune connexion s\u00e9curis\u00e9e au moyen de la commande STARTTLS, qui est un\nmessage transmis en clair. Ces commandes sont alors interpr\u00e9t\u00e9es par le\nserveur dans le contexte d\u0027une connexion s\u00e9curis\u00e9e.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
}
],
"initial_release_date": "2011-03-10T00:00:00",
"last_revision_date": "2011-03-10T00:00:00",
"links": [
{
"title": "Description d\u00e9taill\u00e9e de la vuln\u00e9rabilit\u00e9 CVE-2011-0411 :",
"url": "http://www.postfix.org/CVE-2011-0411.html"
}
],
"reference": "CERTA-2011-AVI-146",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans la gestion du protocole TLS permet \u00e0 un attaquant\nd\u0027ins\u00e9rer des commandes dans les communications SMTP d\u0027une victime.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Postfix",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de mise \u00e0 jour Postfix du 7 mars 2011",
"url": "http://www.postfix.org/announcements/postfix-2.7.3.html"
}
]
}
CERTFR-2022-AVI-267
Vulnerability from certfr_avis - Published: 2022-03-23 - Updated: 2022-03-23
De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space | Juniper Networks Junos Space versions antérieures à 21.1R1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
},
{
"name": "CVE-2017-13082",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
},
{
"name": "CVE-2017-13088",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
},
{
"name": "CVE-2017-13086",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
},
{
"name": "CVE-2017-13087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2007-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
},
{
"name": "CVE-2007-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
},
{
"name": "CVE-2007-6284",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
},
{
"name": "CVE-2008-2935",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
},
{
"name": "CVE-2008-3281",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
},
{
"name": "CVE-2008-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
},
{
"name": "CVE-2008-4226",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
},
{
"name": "CVE-2008-4225",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2011-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
},
{
"name": "CVE-2013-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2013-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
},
{
"name": "CVE-2014-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2015-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
},
{
"name": "CVE-2015-1804",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
},
{
"name": "CVE-2015-1802",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2014-8991",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
},
{
"name": "CVE-2014-7185",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
},
{
"name": "CVE-2014-9365",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
},
{
"name": "CVE-2015-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
},
{
"name": "CVE-2015-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2015-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2016-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-7773",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
},
{
"name": "CVE-2017-7772",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
},
{
"name": "CVE-2017-7778",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
},
{
"name": "CVE-2017-7771",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
},
{
"name": "CVE-2017-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
},
{
"name": "CVE-2017-7776",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
},
{
"name": "CVE-2017-7777",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
},
{
"name": "CVE-2017-7775",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
},
{
"name": "CVE-2017-6463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
},
{
"name": "CVE-2017-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
},
{
"name": "CVE-2017-6464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
},
{
"name": "CVE-2017-14492",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
},
{
"name": "CVE-2017-14496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2017-14493",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
},
{
"name": "CVE-2017-14494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
},
{
"name": "CVE-2017-14495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
},
{
"name": "CVE-2017-5130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
},
{
"name": "CVE-2017-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2017-17807",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-6914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
},
{
"name": "CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"name": "CVE-2018-8778",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
},
{
"name": "CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"name": "CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"name": "CVE-2017-17742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
},
{
"name": "CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"name": "CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"name": "CVE-2018-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
},
{
"name": "CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"name": "CVE-2018-8777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
},
{
"name": "CVE-2018-16395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2018-16396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2018-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
},
{
"name": "CVE-2017-18267",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
},
{
"name": "CVE-2018-13988",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-6133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
},
{
"name": "CVE-2018-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2019-10132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
},
{
"name": "CVE-2019-11190",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
},
{
"name": "CVE-2019-11884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
},
{
"name": "CVE-2019-11487",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
},
{
"name": "CVE-2019-12382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
},
{
"name": "CVE-2018-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
},
{
"name": "CVE-2019-5953",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
},
{
"name": "CVE-2019-12614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2018-1060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
},
{
"name": "CVE-2018-12327",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
},
{
"name": "CVE-2018-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
},
{
"name": "CVE-2019-10639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
},
{
"name": "CVE-2019-10638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-14283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
},
{
"name": "CVE-2019-13648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
},
{
"name": "CVE-2019-10207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
},
{
"name": "CVE-2015-9289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
},
{
"name": "CVE-2019-14816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
},
{
"name": "CVE-2019-15239",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
},
{
"name": "CVE-2019-15917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
},
{
"name": "CVE-2017-18551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
},
{
"name": "CVE-2019-15217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
},
{
"name": "CVE-2019-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2018-18066",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-17666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
},
{
"name": "CVE-2019-17133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2019-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
},
{
"name": "CVE-2019-17055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
},
{
"name": "CVE-2019-17053",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2019-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
},
{
"name": "CVE-2019-16233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
},
{
"name": "CVE-2019-15807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
},
{
"name": "CVE-2019-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-19058",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-19046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
},
{
"name": "CVE-2019-15916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
},
{
"name": "CVE-2019-18660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
},
{
"name": "CVE-2019-19063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
},
{
"name": "CVE-2019-19062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
},
{
"name": "CVE-2018-14526",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
},
{
"name": "CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
},
{
"name": "CVE-2019-19530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
},
{
"name": "CVE-2019-19534",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
},
{
"name": "CVE-2019-19524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
},
{
"name": "CVE-2019-19055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-18634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
},
{
"name": "CVE-2019-14898",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-19059",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
},
{
"name": "CVE-2019-3901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
},
{
"name": "CVE-2020-11565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
},
{
"name": "CVE-2020-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
},
{
"name": "CVE-2020-10751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
},
{
"name": "CVE-2020-12826",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
},
{
"name": "CVE-2020-12654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2019-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12653",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2018-19519",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
},
{
"name": "CVE-2020-10713",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
},
{
"name": "CVE-2020-14311",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
},
{
"name": "CVE-2020-14309",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
},
{
"name": "CVE-2020-15706",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
},
{
"name": "CVE-2020-14308",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
},
{
"name": "CVE-2020-14310",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
},
{
"name": "CVE-2020-15705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
},
{
"name": "CVE-2020-15707",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2020-14364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2020-10742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2018-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
},
{
"name": "CVE-2018-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
},
{
"name": "CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
},
{
"name": "CVE-2020-11868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2020-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2019-12450",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
},
{
"name": "CVE-2020-12825",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
},
{
"name": "CVE-2020-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
},
{
"name": "CVE-2019-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
},
{
"name": "CVE-2020-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2020-10754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2019-14822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2018-18751",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
},
{
"name": "CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2017-13722",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
},
{
"name": "CVE-2014-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
},
{
"name": "CVE-2018-16403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
},
{
"name": "CVE-2018-15746",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2019-7638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
},
{
"name": "CVE-2015-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
},
{
"name": "CVE-2019-10155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2018-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
},
{
"name": "CVE-2018-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
},
{
"name": "CVE-2020-12662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
},
{
"name": "CVE-2012-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
},
{
"name": "CVE-2017-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
},
{
"name": "CVE-2018-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
},
{
"name": "CVE-2017-0899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
},
{
"name": "CVE-2010-2239",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
},
{
"name": "CVE-2010-2242",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
},
{
"name": "CVE-2017-14167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
},
{
"name": "CVE-2015-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
},
{
"name": "CVE-2019-11324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
},
{
"name": "CVE-2013-6458",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2018-15857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
},
{
"name": "CVE-2018-16062",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
},
{
"name": "CVE-2018-10534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
},
{
"name": "CVE-2014-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2013-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
},
{
"name": "CVE-2016-6580",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
},
{
"name": "CVE-2018-12697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
},
{
"name": "CVE-2018-1000301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
},
{
"name": "CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"name": "CVE-2019-12155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
},
{
"name": "CVE-2017-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
},
{
"name": "CVE-2014-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
},
{
"name": "CVE-2017-1000050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
},
{
"name": "CVE-2018-10535",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
},
{
"name": "CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"name": "CVE-2018-16402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
},
{
"name": "CVE-2018-1116",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
},
{
"name": "CVE-2018-15853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
},
{
"name": "CVE-2019-14378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
},
{
"name": "CVE-2016-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
},
{
"name": "CVE-2019-12312",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
},
{
"name": "CVE-2013-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2016-6581",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
},
{
"name": "CVE-2013-4520",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
},
{
"name": "CVE-2014-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
},
{
"name": "CVE-2014-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
},
{
"name": "CVE-2015-9381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
},
{
"name": "CVE-2016-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
},
{
"name": "CVE-2018-14598",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
},
{
"name": "CVE-2014-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2012-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
},
{
"name": "CVE-2018-7208",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
},
{
"name": "CVE-2018-12910",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2015-7497",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
},
{
"name": "CVE-2019-7665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
},
{
"name": "CVE-2018-15854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
},
{
"name": "CVE-2019-13404",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
},
{
"name": "CVE-2015-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
},
{
"name": "CVE-2018-10767",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
},
{
"name": "CVE-2018-7550",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
},
{
"name": "CVE-2016-3076",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2018-18521",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
},
{
"name": "CVE-2018-19788",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2019-3840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
},
{
"name": "CVE-2016-9189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2018-14647",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
},
{
"name": "CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"name": "CVE-2019-14906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2019-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
},
{
"name": "CVE-2019-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
},
{
"name": "CVE-2019-14834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
},
{
"name": "CVE-2018-15855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
},
{
"name": "CVE-2019-7149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
},
{
"name": "CVE-2018-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
},
{
"name": "CVE-2019-5010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
},
{
"name": "CVE-2018-12641",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
},
{
"name": "CVE-2021-3396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2017-15268",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
},
{
"name": "CVE-2018-15587",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
},
{
"name": "CVE-2016-10746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
},
{
"name": "CVE-2017-13711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
},
{
"name": "CVE-2014-8131",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
},
{
"name": "CVE-2014-9601",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
},
{
"name": "CVE-2014-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
},
{
"name": "CVE-2018-10373",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
},
{
"name": "CVE-2017-17790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
},
{
"name": "CVE-2011-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
},
{
"name": "CVE-2018-1000802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
},
{
"name": "CVE-2017-7555",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
},
{
"name": "CVE-2016-9015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
},
{
"name": "CVE-2017-13720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
},
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2017-11671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
},
{
"name": "CVE-2017-10664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
},
{
"name": "CVE-2018-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
},
{
"name": "CVE-2013-6457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
},
{
"name": "CVE-2019-10138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
},
{
"name": "CVE-2019-7578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
},
{
"name": "CVE-2020-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
},
{
"name": "CVE-2017-11368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
},
{
"name": "CVE-2018-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
},
{
"name": "CVE-2019-20485",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
},
{
"name": "CVE-2003-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
},
{
"name": "CVE-2017-15289",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
},
{
"name": "CVE-2016-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
},
{
"name": "CVE-2017-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
},
{
"name": "CVE-2018-15864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
},
{
"name": "CVE-2017-18207",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
},
{
"name": "CVE-2019-12761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
},
{
"name": "CVE-2013-5651",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
},
{
"name": "CVE-2017-17522",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
},
{
"name": "CVE-2019-20382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
},
{
"name": "CVE-2016-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
},
{
"name": "CVE-2019-14287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
},
{
"name": "CVE-2018-18520",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2019-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
},
{
"name": "CVE-2015-5652",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
},
{
"name": "CVE-2019-7572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2018-10906",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
},
{
"name": "CVE-2018-15863",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
},
{
"name": "CVE-2018-15862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2019-7664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
},
{
"name": "CVE-2017-5992",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
},
{
"name": "CVE-2019-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2018-1000030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2017-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
},
{
"name": "CVE-2018-7568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
},
{
"name": "CVE-2016-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2018-14599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
},
{
"name": "CVE-2018-10733",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
},
{
"name": "CVE-2016-9396",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
},
{
"name": "CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"name": "CVE-2017-7562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
},
{
"name": "CVE-2016-1000032",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
},
{
"name": "CVE-2017-15124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
},
{
"name": "CVE-2018-1113",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
},
{
"name": "CVE-2013-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
},
{
"name": "CVE-2019-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
},
{
"name": "CVE-2014-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
},
{
"name": "CVE-2018-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
},
{
"name": "CVE-2017-0903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
},
{
"name": "CVE-2018-15856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2019-7573",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2010-2237",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
},
{
"name": "CVE-2018-1000876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
},
{
"name": "CVE-2018-14348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
},
{
"name": "CVE-2019-3890",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
},
{
"name": "CVE-2015-7498",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
},
{
"name": "CVE-2019-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
},
{
"name": "CVE-2016-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
},
{
"name": "CVE-2018-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
},
{
"name": "CVE-2013-4297",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
},
{
"name": "CVE-2010-2238",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
},
{
"name": "CVE-2018-14600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
},
{
"name": "CVE-2017-13090",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
},
{
"name": "CVE-2013-7336",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
},
{
"name": "CVE-2018-10372",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
},
{
"name": "CVE-2019-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
},
{
"name": "CVE-2018-11806",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
},
{
"name": "CVE-2018-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
},
{
"name": "CVE-2015-0236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
},
{
"name": "CVE-2018-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
},
{
"name": "CVE-2014-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
},
{
"name": "CVE-2013-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
},
{
"name": "CVE-2018-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
},
{
"name": "CVE-2014-3960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
},
{
"name": "CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"name": "CVE-2020-12663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
},
{
"name": "CVE-2018-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
},
{
"name": "CVE-2017-16611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
},
{
"name": "CVE-2014-7823",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
},
{
"name": "CVE-2020-10703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
},
{
"name": "CVE-2018-7569",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
},
{
"name": "CVE-2013-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2015-9382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
},
{
"name": "CVE-2017-18190",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
},
{
"name": "CVE-2016-4009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
},
{
"name": "CVE-2018-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
},
{
"name": "CVE-2016-9190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
},
{
"name": "CVE-2019-7574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
},
{
"name": "CVE-2016-0772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
},
{
"name": "CVE-2016-5699",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
},
{
"name": "CVE-2011-1486",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
},
{
"name": "CVE-2020-5208",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
},
{
"name": "CVE-2019-6778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
},
{
"name": "CVE-2020-10772",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
},
{
"name": "CVE-2020-25637",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
},
{
"name": "CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"name": "CVE-2018-15859",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
},
{
"name": "CVE-2017-13089",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
},
{
"name": "CVE-2019-12779",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2019-6690",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
},
{
"name": "CVE-2015-8317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
},
{
"name": "CVE-2018-4181",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2016-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
},
{
"name": "CVE-2018-14498",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
},
{
"name": "CVE-2018-15861",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
},
{
"name": "CVE-2019-7150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
},
{
"name": "CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"name": "CVE-2016-5008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
},
{
"name": "CVE-2014-4616",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
}
],
"initial_release_date": "2022-03-23T00:00:00",
"last_revision_date": "2022-03-23T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-267",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
GSD-2011-0411
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2011-0411",
"description": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.",
"id": "GSD-2011-0411",
"references": [
"https://www.suse.com/security/cve/CVE-2011-0411.html",
"https://www.debian.org/security/2011/dsa-2233",
"https://access.redhat.com/errata/RHSA-2011:0423",
"https://access.redhat.com/errata/RHSA-2011:0422",
"https://linux.oracle.com/cve/CVE-2011-0411.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-0411"
],
"details": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.",
"id": "GSD-2011-0411",
"modified": "2023-12-13T01:19:04.149135Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "multiple-starttls-command-execution(65932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"name": "http://www.postfix.org/CVE-2011-0411.html",
"refsource": "CONFIRM",
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "43646",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43646"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "71021",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71021"
},
{
"name": "ADV-2011-0752",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"name": "ADV-2011-0891",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"name": "GLSA-201206-33",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "FEDORA-2011-3355",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"name": "43874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43874"
},
{
"name": "FEDORA-2011-3394",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0611",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"name": "46767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "RHSA-2011:0423",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"name": "VU#555316",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "1025179",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025179"
},
{
"name": "RHSA-2011:0422",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-2233",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "[oss-security] 20210810 STARTTLS vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0411"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43646",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43646"
},
{
"name": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z",
"refsource": "CONFIRM",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"name": "VU#555316",
"refsource": "CERT-VN",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "46767",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "ADV-2011-0611",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"name": "71021",
"refsource": "OSVDB",
"tags": [],
"url": "http://www.osvdb.org/71021"
},
{
"name": "1025179",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1025179"
},
{
"name": "http://www.postfix.org/CVE-2011-0411.html",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "FEDORA-2011-3355",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"name": "FEDORA-2011-3394",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"name": "ADV-2011-0752",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"name": "43874",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/43874"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "ADV-2011-0891",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"name": "RHSA-2011:0423",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"name": "DSA-2233",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"name": "RHSA-2011:0422",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "GLSA-201206-33",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"tags": [],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "multiple-starttls-command-execution(65932)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"name": "[oss-security] 20210810 STARTTLS vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2021-08-10T12:15Z",
"publishedDate": "2011-03-16T22:55Z"
}
}
}
RHSA-2011:0422
Vulnerability from csaf_redhat - Published: 2011-04-06 22:56 - Updated: 2026-01-08 09:34Summary
Red Hat Security Advisory: postfix security update
Notes
Topic
Updated postfix packages that fix two security issues are now available for
Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.
It was discovered that Postfix did not flush the received SMTP commands
buffer after switching to TLS encryption for an SMTP session. A
man-in-the-middle attacker could use this flaw to inject SMTP commands into
a victim's session during the plain text phase. This would lead to those
commands being processed by Postfix after TLS encryption is enabled,
possibly allowing the attacker to steal the victim's mail or authentication
credentials. (CVE-2011-0411)
It was discovered that Postfix did not properly check the permissions of
users' mailbox files. A local attacker able to create files in the mail
spool directory could use this flaw to create mailbox files for other local
users, and be able to read mail delivered to those users. (CVE-2008-2937)
Red Hat would like to thank the CERT/CC for reporting CVE-2011-0411, and
Sebastian Krahmer of the SuSE Security Team for reporting CVE-2008-2937.
The CERT/CC acknowledges Wietse Venema as the original reporter of
CVE-2011-0411.
Users of Postfix are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the postfix service will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated postfix packages that fix two security issues are now available for\nRed Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),\nand TLS.\n\nIt was discovered that Postfix did not flush the received SMTP commands\nbuffer after switching to TLS encryption for an SMTP session. A\nman-in-the-middle attacker could use this flaw to inject SMTP commands into\na victim\u0027s session during the plain text phase. This would lead to those\ncommands being processed by Postfix after TLS encryption is enabled,\npossibly allowing the attacker to steal the victim\u0027s mail or authentication\ncredentials. (CVE-2011-0411)\n\nIt was discovered that Postfix did not properly check the permissions of\nusers\u0027 mailbox files. A local attacker able to create files in the mail\nspool directory could use this flaw to create mailbox files for other local\nusers, and be able to read mail delivered to those users. (CVE-2008-2937)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2011-0411, and\nSebastian Krahmer of the SuSE Security Team for reporting CVE-2008-2937.\nThe CERT/CC acknowledges Wietse Venema as the original reporter of\nCVE-2011-0411.\n\nUsers of Postfix are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing this\nupdate, the postfix service will be restarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2011:0422",
"url": "https://access.redhat.com/errata/RHSA-2011:0422"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "456347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456347"
},
{
"category": "external",
"summary": "674814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0422.json"
}
],
"title": "Red Hat Security Advisory: postfix security update",
"tracking": {
"current_release_date": "2026-01-08T09:34:30+00:00",
"generator": {
"date": "2026-01-08T09:34:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2011:0422",
"initial_release_date": "2011-04-06T22:56:00+00:00",
"revision_history": [
{
"date": "2011-04-06T22:56:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2011-04-06T18:59:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-08T09:34:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5.6.z server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"product": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"product_id": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.3.3-2.2.el5_6?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"product": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"product_id": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.3.3-2.2.el5_6?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.3.3-2.2.el5_6.ia64",
"product": {
"name": "postfix-2:2.3.3-2.2.el5_6.ia64",
"product_id": "postfix-2:2.3.3-2.2.el5_6.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.3.3-2.2.el5_6?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.ia64",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.ia64",
"product_id": "postfix-2:2.2.10-1.4.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"product": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"product_id": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.2.10-1.4.el4?arch=ia64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"product": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"product_id": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.2.10-1.4.el4?arch=ia64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"product": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"product_id": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.3.3-2.2.el5_6?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"product": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"product_id": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.3.3-2.2.el5_6?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.3.3-2.2.el5_6.ppc",
"product": {
"name": "postfix-2:2.3.3-2.2.el5_6.ppc",
"product_id": "postfix-2:2.3.3-2.2.el5_6.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.3.3-2.2.el5_6?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.ppc",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.ppc",
"product_id": "postfix-2:2.2.10-1.4.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"product": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"product_id": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.2.10-1.4.el4?arch=ppc\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"product": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"product_id": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.2.10-1.4.el4?arch=ppc\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"product": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"product_id": "postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.3.3-2.2.el5_6?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"product": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"product_id": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.3.3-2.2.el5_6?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.3.3-2.2.el5_6.s390x",
"product": {
"name": "postfix-2:2.3.3-2.2.el5_6.s390x",
"product_id": "postfix-2:2.3.3-2.2.el5_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.3.3-2.2.el5_6?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.s390x",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.s390x",
"product_id": "postfix-2:2.2.10-1.4.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"product": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"product_id": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.2.10-1.4.el4?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"product": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"product_id": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.2.10-1.4.el4?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"product": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"product_id": "postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.3.3-2.2.el5_6?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64",
"product": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64",
"product_id": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.3.3-2.2.el5_6?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.3.3-2.2.el5_6.x86_64",
"product": {
"name": "postfix-2:2.3.3-2.2.el5_6.x86_64",
"product_id": "postfix-2:2.3.3-2.2.el5_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.3.3-2.2.el5_6?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.x86_64",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.x86_64",
"product_id": "postfix-2:2.2.10-1.4.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"product": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"product_id": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.2.10-1.4.el4?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"product": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"product_id": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.2.10-1.4.el4?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"product": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"product_id": "postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.3.3-2.2.el5_6?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"product": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"product_id": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.3.3-2.2.el5_6?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.3.3-2.2.el5_6.i386",
"product": {
"name": "postfix-2:2.3.3-2.2.el5_6.i386",
"product_id": "postfix-2:2.3.3-2.2.el5_6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.3.3-2.2.el5_6?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.i386",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.i386",
"product_id": "postfix-2:2.2.10-1.4.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"product": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"product_id": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.2.10-1.4.el4?arch=i386\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"product": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"product_id": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.2.10-1.4.el4?arch=i386\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-2:2.3.3-2.2.el5_6.src",
"product": {
"name": "postfix-2:2.3.3-2.2.el5_6.src",
"product_id": "postfix-2:2.3.3-2.2.el5_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.3.3-2.2.el5_6?arch=src\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.src",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.src",
"product_id": "postfix-2:2.2.10-1.4.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-2:2.2.10-1.4.el4.s390",
"product": {
"name": "postfix-2:2.2.10-1.4.el4.s390",
"product_id": "postfix-2:2.2.10-1.4.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.2.10-1.4.el4?arch=s390\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"product": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"product_id": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-pflogsumm@2.2.10-1.4.el4?arch=s390\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"product": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"product_id": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.2.10-1.4.el4?arch=s390\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.src"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.src"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.src"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.src"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64"
},
"product_reference": "postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.3.3-2.2.el5_6.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386"
},
"product_reference": "postfix-2:2.3.3-2.2.el5_6.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.3.3-2.2.el5_6.ia64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64"
},
"product_reference": "postfix-2:2.3.3-2.2.el5_6.ia64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.3.3-2.2.el5_6.ppc as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc"
},
"product_reference": "postfix-2:2.3.3-2.2.el5_6.ppc",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.3.3-2.2.el5_6.s390x as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x"
},
"product_reference": "postfix-2:2.3.3-2.2.el5_6.s390x",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.3.3-2.2.el5_6.src as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src"
},
"product_reference": "postfix-2:2.3.3-2.2.el5_6.src",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.3.3-2.2.el5_6.x86_64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64"
},
"product_reference": "postfix-2:2.3.3-2.2.el5_6.x86_64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386"
},
"product_reference": "postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64"
},
"product_reference": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc"
},
"product_reference": "postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x"
},
"product_reference": "postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386"
},
"product_reference": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64"
},
"product_reference": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc"
},
"product_reference": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x"
},
"product_reference": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
},
"product_reference": "postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64",
"relates_to_product_reference": "5Server-5.6.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sebastian Krahmer"
],
"organization": "SuSE Security Team"
}
],
"cve": "CVE-2008-2937",
"discovery_date": "2008-07-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456347"
}
],
"notes": [
{
"category": "description",
"text": "Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user\u0027s account name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postfix improper mailbox permissions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:postfix-2:2.2.10-1.4.el4.i386",
"4AS:postfix-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-2:2.2.10-1.4.el4.s390",
"4AS:postfix-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-2:2.2.10-1.4.el4.src",
"4AS:postfix-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-2:2.2.10-1.4.el4.src",
"4Desktop:postfix-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-2:2.2.10-1.4.el4.i386",
"4ES:postfix-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-2:2.2.10-1.4.el4.s390",
"4ES:postfix-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-2:2.2.10-1.4.el4.src",
"4ES:postfix-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-2:2.2.10-1.4.el4.i386",
"4WS:postfix-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-2:2.2.10-1.4.el4.s390",
"4WS:postfix-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-2:2.2.10-1.4.el4.src",
"4WS:postfix-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2937"
},
{
"category": "external",
"summary": "RHBZ#456347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456347"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2937",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2937"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2937",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2937"
}
],
"release_date": "2008-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-04-06T22:56:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"4AS:postfix-2:2.2.10-1.4.el4.i386",
"4AS:postfix-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-2:2.2.10-1.4.el4.s390",
"4AS:postfix-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-2:2.2.10-1.4.el4.src",
"4AS:postfix-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-2:2.2.10-1.4.el4.src",
"4Desktop:postfix-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-2:2.2.10-1.4.el4.i386",
"4ES:postfix-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-2:2.2.10-1.4.el4.s390",
"4ES:postfix-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-2:2.2.10-1.4.el4.src",
"4ES:postfix-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-2:2.2.10-1.4.el4.i386",
"4WS:postfix-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-2:2.2.10-1.4.el4.s390",
"4WS:postfix-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-2:2.2.10-1.4.el4.src",
"4WS:postfix-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0422"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS:postfix-2:2.2.10-1.4.el4.i386",
"4AS:postfix-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-2:2.2.10-1.4.el4.s390",
"4AS:postfix-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-2:2.2.10-1.4.el4.src",
"4AS:postfix-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-2:2.2.10-1.4.el4.src",
"4Desktop:postfix-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-2:2.2.10-1.4.el4.i386",
"4ES:postfix-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-2:2.2.10-1.4.el4.s390",
"4ES:postfix-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-2:2.2.10-1.4.el4.src",
"4ES:postfix-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-2:2.2.10-1.4.el4.i386",
"4WS:postfix-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-2:2.2.10-1.4.el4.s390",
"4WS:postfix-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-2:2.2.10-1.4.el4.src",
"4WS:postfix-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "postfix improper mailbox permissions"
},
{
"acknowledgments": [
{
"names": [
"CERT/CC"
]
}
],
"cve": "CVE-2011-0411",
"discovery_date": "2011-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "674814"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postfix: SMTP commands injection during plaintext to TLS session switch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affected postfix packages in Red Hat Enterprise Linux 4, 5, and 6. It was corrected via RHSA-2011:0422 and RHSA-2011:0423.\n\nThis issue did not affect the versions of sendmail as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, and the versions of exim as shipped with Red Hat Enterprise Linux 4 and 5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:postfix-2:2.2.10-1.4.el4.i386",
"4AS:postfix-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-2:2.2.10-1.4.el4.s390",
"4AS:postfix-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-2:2.2.10-1.4.el4.src",
"4AS:postfix-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-2:2.2.10-1.4.el4.src",
"4Desktop:postfix-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-2:2.2.10-1.4.el4.i386",
"4ES:postfix-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-2:2.2.10-1.4.el4.s390",
"4ES:postfix-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-2:2.2.10-1.4.el4.src",
"4ES:postfix-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-2:2.2.10-1.4.el4.i386",
"4WS:postfix-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-2:2.2.10-1.4.el4.s390",
"4WS:postfix-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-2:2.2.10-1.4.el4.src",
"4WS:postfix-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-0411"
},
{
"category": "external",
"summary": "RHBZ#674814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0411",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0411"
}
],
"release_date": "2011-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-04-06T22:56:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"4AS:postfix-2:2.2.10-1.4.el4.i386",
"4AS:postfix-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-2:2.2.10-1.4.el4.s390",
"4AS:postfix-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-2:2.2.10-1.4.el4.src",
"4AS:postfix-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-2:2.2.10-1.4.el4.src",
"4Desktop:postfix-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-2:2.2.10-1.4.el4.i386",
"4ES:postfix-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-2:2.2.10-1.4.el4.s390",
"4ES:postfix-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-2:2.2.10-1.4.el4.src",
"4ES:postfix-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-2:2.2.10-1.4.el4.i386",
"4WS:postfix-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-2:2.2.10-1.4.el4.s390",
"4WS:postfix-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-2:2.2.10-1.4.el4.src",
"4WS:postfix-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0422"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS:postfix-2:2.2.10-1.4.el4.i386",
"4AS:postfix-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-2:2.2.10-1.4.el4.s390",
"4AS:postfix-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-2:2.2.10-1.4.el4.src",
"4AS:postfix-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4AS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-2:2.2.10-1.4.el4.src",
"4Desktop:postfix-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4Desktop:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-2:2.2.10-1.4.el4.i386",
"4ES:postfix-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-2:2.2.10-1.4.el4.s390",
"4ES:postfix-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-2:2.2.10-1.4.el4.src",
"4ES:postfix-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4ES:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-2:2.2.10-1.4.el4.i386",
"4WS:postfix-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-2:2.2.10-1.4.el4.s390",
"4WS:postfix-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-2:2.2.10-1.4.el4.src",
"4WS:postfix-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.i386",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-debuginfo-2:2.2.10-1.4.el4.x86_64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.i386",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ia64",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.ppc",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.s390x",
"4WS:postfix-pflogsumm-2:2.2.10-1.4.el4.x86_64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.src",
"5Server-5.6.Z:postfix-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-debuginfo-2:2.3.3-2.2.el5_6.x86_64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.i386",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ia64",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.ppc",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.s390x",
"5Server-5.6.Z:postfix-pflogsumm-2:2.3.3-2.2.el5_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postfix: SMTP commands injection during plaintext to TLS session switch"
}
]
}
RHSA-2011:0423
Vulnerability from csaf_redhat - Published: 2011-04-06 23:08 - Updated: 2026-01-08 09:34Summary
Red Hat Security Advisory: postfix security update
Notes
Topic
Updated postfix packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.
It was discovered that Postfix did not flush the received SMTP commands
buffer after switching to TLS encryption for an SMTP session. A
man-in-the-middle attacker could use this flaw to inject SMTP commands into
a victim's session during the plain text phase. This would lead to those
commands being processed by Postfix after TLS encryption is enabled,
possibly allowing the attacker to steal the victim's mail or authentication
credentials. (CVE-2011-0411)
Red Hat would like to thank the CERT/CC for reporting CVE-2011-0411. The
CERT/CC acknowledges Wietse Venema as the original reporter.
Users of Postfix are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the postfix service will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated postfix packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),\nand TLS.\n\nIt was discovered that Postfix did not flush the received SMTP commands\nbuffer after switching to TLS encryption for an SMTP session. A\nman-in-the-middle attacker could use this flaw to inject SMTP commands into\na victim\u0027s session during the plain text phase. This would lead to those\ncommands being processed by Postfix after TLS encryption is enabled,\npossibly allowing the attacker to steal the victim\u0027s mail or authentication\ncredentials. (CVE-2011-0411)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2011-0411. The\nCERT/CC acknowledges Wietse Venema as the original reporter.\n\nUsers of Postfix are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing this\nupdate, the postfix service will be restarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2011:0423",
"url": "https://access.redhat.com/errata/RHSA-2011:0423"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "674814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0423.json"
}
],
"title": "Red Hat Security Advisory: postfix security update",
"tracking": {
"current_release_date": "2026-01-08T09:34:30+00:00",
"generator": {
"date": "2026-01-08T09:34:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2011:0423",
"initial_release_date": "2011-04-06T23:08:00+00:00",
"revision_history": [
{
"date": "2011-04-06T23:08:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2011-04-06T19:11:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-08T09:34:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"product": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"product_id": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.6.6-2.1.el6_0?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"product": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"product_id": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-perl-scripts@2.6.6-2.1.el6_0?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.6.6-2.1.el6_0.i686",
"product": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686",
"product_id": "postfix-2:2.6.6-2.1.el6_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.6.6-2.1.el6_0?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"product": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"product_id": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.6.6-2.1.el6_0?arch=ppc64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"product": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"product_id": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-perl-scripts@2.6.6-2.1.el6_0?arch=ppc64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"product": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"product_id": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.6.6-2.1.el6_0?arch=ppc64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"product": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"product_id": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.6.6-2.1.el6_0?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"product": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"product_id": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-perl-scripts@2.6.6-2.1.el6_0?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.6.6-2.1.el6_0.s390x",
"product": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x",
"product_id": "postfix-2:2.6.6-2.1.el6_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.6.6-2.1.el6_0?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"product": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"product_id": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-debuginfo@2.6.6-2.1.el6_0?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"product": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"product_id": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix-perl-scripts@2.6.6-2.1.el6_0?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"product": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"product_id": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.6.6-2.1.el6_0?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "postfix-2:2.6.6-2.1.el6_0.src",
"product": {
"name": "postfix-2:2.6.6-2.1.el6_0.src",
"product_id": "postfix-2:2.6.6-2.1.el6_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postfix@2.6.6-2.1.el6_0?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-2:2.6.6-2.1.el6_0.src"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.src",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
},
"product_reference": "postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"relates_to_product_reference": "6Workstation"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"CERT/CC"
]
}
],
"cve": "CVE-2011-0411",
"discovery_date": "2011-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "674814"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postfix: SMTP commands injection during plaintext to TLS session switch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affected postfix packages in Red Hat Enterprise Linux 4, 5, and 6. It was corrected via RHSA-2011:0422 and RHSA-2011:0423.\n\nThis issue did not affect the versions of sendmail as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, and the versions of exim as shipped with Red Hat Enterprise Linux 4 and 5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-2:2.6.6-2.1.el6_0.src",
"6Client:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.src",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-2:2.6.6-2.1.el6_0.src",
"6Server:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.src",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-0411"
},
{
"category": "external",
"summary": "RHBZ#674814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0411",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0411"
}
],
"release_date": "2011-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-04-06T23:08:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-2:2.6.6-2.1.el6_0.src",
"6Client:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.src",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-2:2.6.6-2.1.el6_0.src",
"6Server:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.src",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0423"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Client-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Client-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-2:2.6.6-2.1.el6_0.src",
"6Client:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Client:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6ComputeNode-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.src",
"6ComputeNode:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6ComputeNode:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Server-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Server-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-2:2.6.6-2.1.el6_0.src",
"6Server:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Server:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.src",
"6Workstation-optional:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Workstation-optional:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.src",
"6Workstation:postfix-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-debuginfo-2:2.6.6-2.1.el6_0.x86_64",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.i686",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.ppc64",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.s390x",
"6Workstation:postfix-perl-scripts-2:2.6.6-2.1.el6_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postfix: SMTP commands injection during plaintext to TLS session switch"
}
]
}
GHSA-2GF2-4WWM-4CM6
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07
VLAI?
Details
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
{
"affected": [],
"aliases": [
"CVE-2011-0411"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-03-16T22:55:00Z",
"severity": "MODERATE"
},
"details": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.",
"id": "GHSA-2gf2-4wwm-4cm6",
"modified": "2022-05-13T01:07:08Z",
"published": "2022-05-13T01:07:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0411"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"type": "WEB",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43646"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43874"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1025179"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5002"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/71021"
},
{
"type": "WEB",
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0891"
}
],
"schema_version": "1.4.0",
"severity": []
}
VAR-201103-0114
Vulnerability from variot - Updated: 2025-12-22 21:51The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. plural STARTTLS There is a vulnerability in the implementation of. plural STARTTLS Implementation of a man-in-the-middle attack (man-in-the-middle attack) May insert a command. This vulnerability is due to the fact that switching to ciphertext communication is performed at a lower layer than the application. This vulnerability is only relevant for implementations that perform certificate validation.An arbitrary command may be executed by a remote attacker who can intercept communications. An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords. The following vendors are affected: Ipswitch Kerio Postfix Qmail-TLS Oracle (note that the affected application is unknown) SCO Group spamdyke ISC. Postfix is a mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/ O buffering effect. ========================================================================== Ubuntu Security Notice USN-1113-1 April 18, 2011
postfix vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Summary:
An attacker could send crafted input to Postfix and cause it to reveal confidential information. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)
Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. (CVE-2011-0411)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10: postfix 2.7.1-1ubuntu0.1
Ubuntu 10.04 LTS: postfix 2.7.0-1ubuntu0.1
Ubuntu 9.10: postfix 2.6.5-3ubuntu0.1
Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.3
Ubuntu 6.06 LTS: postfix 2.2.10-1ubuntu0.3
In general, a standard system update will make all the necessary changes.
References: CVE-2009-2939, CVE-2011-0411
Package Information: https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3 https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3
.
CVE-2011-4130 ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution.
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
References:
http://www.postfix.org/CVE-2011-0411.html
Updated Packages:
Mandriva Linux 2009.0: ed4ae86475a00faaadbda5683ee496f5 2009.0/i586/pure-ftpd-1.0.21-8.1mdv2009.0.i586.rpm 0dea42dbd5958a0a4a4e8a47d020062a 2009.0/i586/pure-ftpd-anon-upload-1.0.21-8.1mdv2009.0.i586.rpm 3f3c60fbe60ffa16a542ae78868042c1 2009.0/i586/pure-ftpd-anonymous-1.0.21-8.1mdv2009.0.i586.rpm 32f302505171f7d7801acec8e0aac0ab 2009.0/SRPMS/pure-ftpd-1.0.21-8.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 9fbbd20ce659012dcef2ea534b3e065c 2009.0/x86_64/pure-ftpd-1.0.21-8.1mdv2009.0.x86_64.rpm d953ece1911ad4f744b5fe5f704c2e9e 2009.0/x86_64/pure-ftpd-anon-upload-1.0.21-8.1mdv2009.0.x86_64.rpm fd131923aa12607939a33ab0d5a47690 2009.0/x86_64/pure-ftpd-anonymous-1.0.21-8.1mdv2009.0.x86_64.rpm 32f302505171f7d7801acec8e0aac0ab 2009.0/SRPMS/pure-ftpd-1.0.21-8.1mdv2009.0.src.rpm
Mandriva Linux 2010.0: 580032400f3f536b90509404bfa5ff50 2010.0/i586/pure-ftpd-1.0.22-1.1mdv2010.0.i586.rpm 05fe3428a8378f9c7e8282d9e62c9fdf 2010.0/i586/pure-ftpd-anon-upload-1.0.22-1.1mdv2010.0.i586.rpm 8e63f703e071bf7f819b98cb96eeab1d 2010.0/i586/pure-ftpd-anonymous-1.0.22-1.1mdv2010.0.i586.rpm 5370b6f3148695cae7d37dd7a79c4158 2010.0/SRPMS/pure-ftpd-1.0.22-1.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 897957ada6eadf9e87bae3e26ff442fe 2010.0/x86_64/pure-ftpd-1.0.22-1.1mdv2010.0.x86_64.rpm add9ece828990b566192691992e43cc6 2010.0/x86_64/pure-ftpd-anon-upload-1.0.22-1.1mdv2010.0.x86_64.rpm 6c82671449daf5c7b9d6e40c4c33939b 2010.0/x86_64/pure-ftpd-anonymous-1.0.22-1.1mdv2010.0.x86_64.rpm 5370b6f3148695cae7d37dd7a79c4158 2010.0/SRPMS/pure-ftpd-1.0.22-1.1mdv2010.0.src.rpm
Mandriva Linux 2010.1: 441c80d9c965274c99d34fce9a4bb6ca 2010.1/i586/pure-ftpd-1.0.29-2.1mdv2010.2.i586.rpm f73c5b101a3100fa5ccf7be95cb820c1 2010.1/i586/pure-ftpd-anon-upload-1.0.29-2.1mdv2010.2.i586.rpm 1bf7c0076615559f213f9e90aabe1ee3 2010.1/i586/pure-ftpd-anonymous-1.0.29-2.1mdv2010.2.i586.rpm 77f0d44baa44e8abc0a5393154d1e347 2010.1/SRPMS/pure-ftpd-1.0.29-2.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64: 7f83617195a06fe87d4fe91f78256ea8 2010.1/x86_64/pure-ftpd-1.0.29-2.1mdv2010.2.x86_64.rpm d0428e106e4c4233a266b62b1208f63e 2010.1/x86_64/pure-ftpd-anon-upload-1.0.29-2.1mdv2010.2.x86_64.rpm 04a2e708f8334b33fda7975f72c9afd0 2010.1/x86_64/pure-ftpd-anonymous-1.0.29-2.1mdv2010.2.x86_64.rpm 77f0d44baa44e8abc0a5393154d1e347 2010.1/SRPMS/pure-ftpd-1.0.29-2.1mdv2010.2.src.rpm
Corporate 4.0: 2054ec719cbd8c9be8ad7e9bc654f79e corporate/4.0/i586/pure-ftpd-1.0.20-7.1.20060mlcs4.i586.rpm 2614d3560204ffb498f6c49453442d05 corporate/4.0/i586/pure-ftpd-anon-upload-1.0.20-7.1.20060mlcs4.i586.rpm 1fb356298d6a5c4b50b6822e8dde3e0b corporate/4.0/i586/pure-ftpd-anonymous-1.0.20-7.1.20060mlcs4.i586.rpm 63859bd845934e2d382fd2406a1fd9f7 corporate/4.0/SRPMS/pure-ftpd-1.0.20-7.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64: b4d4edc6889d96135330b98057bf5396 corporate/4.0/x86_64/pure-ftpd-1.0.20-7.1.20060mlcs4.x86_64.rpm 99ffba7cc4e729a617ca45a10baa9125 corporate/4.0/x86_64/pure-ftpd-anon-upload-1.0.20-7.1.20060mlcs4.x86_64.rpm b84684dfd4166dcf6def917014355b76 corporate/4.0/x86_64/pure-ftpd-anonymous-1.0.20-7.1.20060mlcs4.x86_64.rpm 63859bd845934e2d382fd2406a1fd9f7 corporate/4.0/SRPMS/pure-ftpd-1.0.20-7.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5: 3e3694e0220ab4cfc55b3d0614443d5d mes5/i586/pure-ftpd-1.0.21-8.1mdvmes5.2.i586.rpm c281cdd9b6ab44f956802cbd9d327e36 mes5/i586/pure-ftpd-anon-upload-1.0.21-8.1mdvmes5.2.i586.rpm ab25c5522a053fddf570a7af29f79db7 mes5/i586/pure-ftpd-anonymous-1.0.21-8.1mdvmes5.2.i586.rpm 71436d40f9fe4780edc71f326a71324c mes5/SRPMS/pure-ftpd-1.0.21-8.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: dd4fbf6ccb18a342b91b2bdc07048fd9 mes5/x86_64/pure-ftpd-1.0.21-8.1mdvmes5.2.x86_64.rpm 70a0f49eaca5fd8f7a80967810fbfb7d mes5/x86_64/pure-ftpd-anon-upload-1.0.21-8.1mdvmes5.2.x86_64.rpm 7e6c3b99218158806d3c747f781a449b mes5/x86_64/pure-ftpd-anonymous-1.0.21-8.1mdvmes5.2.x86_64.rpm 71436d40f9fe4780edc71f326a71324c mes5/SRPMS/pure-ftpd-1.0.21-8.1mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-33
http://security.gentoo.org/
Severity: High Title: Postfix: Multiple vulnerabilities Date: June 25, 2012 Bugs: #358085, #366605 ID: 201206-33
Synopsis
A vulnerability has been found in Postfix, the worst of which possibly allowing remote code execution.
Background
Postfix is Wietse Venema=E2=80=99s mailer that attempts to be fast, easy = to administer, and secure, as an alternative to the widely-used Sendmail program.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 mail-mta/postfix < 2.7.4 >= 2.7.4
Description
A vulnerability have been discovered in Postfix. Please review the CVE identifier referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Postfix users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.7.4"
References
[ 1 ] CVE-2011-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411 [ 2 ] CVE-2011-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-33.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . This is a writeup about a flaw that I found recently, and that existed in multiple implementations of SMTP (Simple Mail Transfer Protocol) over TLS (Transport Layer Security) including my Postfix open source mailserver. I give an overview of the problem and its impact, how to find out if a server is affected, fixes, and draw lessons about where we can expect similar problems. A time line is at the end.
For further reading: http://www.kb.cert.org/vuls/id/555316 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411 http://www.postfix.org/CVE-2011-0411.html (extended writeup)
Wietse
Problem overview and impact
The TLS protocol encrypts communication and protects it against modification by other parties. This protection exists only if a) software is free of flaws, and b) clients verify the server's TLS certificate, so that there can be no "man in the middle" (servers usually don't verify client certificates).
The problem discussed in this writeup is caused by a software flaw.
The injected commands could be used to steal the victim's email or SASL (Simple Authentication and Security Layer) username and password.
This is not as big a problem as it may appear to be. The reason is that many SMTP client applications don't verify server TLS certificates. These SMTP clients are always vulnerable to command injection and other attacks. Their TLS sessions are only encrypted but not protected.
A similar plaintext injection flaw may exist in the way SMTP clients handle SMTP-over-TLS server responses, but its impact is less interesting than the server-side flaw.
SMTP is not the only protocol with a mid-session switch from plaintext to TLS. Other examples are POP3, IMAP, NNTP and FTP. Implementations of these protocols may be affected by the same flaw as discussed here.
Demonstration
The problem is easy to demonstrate with a one-line change to the OpenSSL s_client command source code (I would prefer scripting, but having to install Perl CPAN modules and all their dependencies is more work than downloading a .tar.gz file from openssl.org, adding eight characters to one line, and doing "./config; make").
The OpenSSL s_client command can make a connection to servers that support straight TLS, SMTP over TLS, or a handful other protocols over TLS. The demonstration with SMTP over TLS involves a one-line change in the OpenSSL s_client source code (with OpenSSL 1.0.0, at line 1129 of file apps/s_client.c).
Old: BIO_printf(sbio,"STARTTLS\r\n"); New: BIO_printf(sbio,"STARTTLS\r\nRSET\r\n");
With this change, the s_client command sends the plaintext STARTTLS command ("let's turn on TLS") immediately followed by an RSET command (a relatively harmless protocol "reset"). Both commands are sent as plaintext in the same TCP/IP packet, and arrive together at the server. The "\r\n" are the carriage-return and newline characters; these are necessary to terminate an SMTP command.
When an SMTP server has the plaintext injection flaw, it reads the STARTTLS command first, switches to SMTP-over-TLS mode, and only then the server reads the RSET command. Note, the RSET command was transmitted during the plaintext SMTP phase when there is no protection, but the server reads the command as if it was received over the TLS-protected channel.
Thus, when the SMTP server has the flaw, the s_client command output will show two "250" SMTP server responses instead of one. The first "250" response is normal, and is present even when the server is not flawed. The second "250" response is for the RSET command, and indicates that the SMTP server has the plaintext injection flaw.
$ apps/openssl s_client -quiet -starttls smtp -connect server:port [some server TLS certificate details omitted] 250 some text here <=== Normal response, also with "good" server. 250 more text here <=== RSET response, only with flawed server.
Anatomy of the flaw: it's all about the plumbing
Whether a program may have the plaintext injection flaw depends on how it adjusts the plumbing, as it inserts the TLS protocol layer in-between the SMTP protocol layer and the O/S TCP/IP protocol layer. I illustrate this with examples from three open source MTAs: Postfix, Sendmail and Exim. The diagram below is best viewed with a fixed-width font, for example, from the Courier family.
Postfix MTA Sendmail MTA Exim MTA
before/after before/after before/after
switch to TLS switch to TLS switch to TLS
SMTP SMTP SMTP SMTP SMTP SMTP <= SMTP layer
|| || || || || ||
stream stream stream stream' || || buffers buffers buffers buffers' rw r'w' <= stream layer rw r'w' rw r'w' || || || || || || || || || TLS || TLS || TLS <= TLS layer || || || || || || O/S O/S O/S O/S O/S O/S <= TCP/IP layer
As shown in the diagram, both Postfix and Sendmail use an application- level stream abstraction, where each stream has properties such as read/write buffers, read/write functions (indicated with rw), and other properties that are omitted for brevity.
When Postfix switches to SMTP over TLS, it replaces the plaintext read/write functions (rw) with the TLS read/write functions (r'w'). Postfix does not modify any of the other stream properties including the read/write buffers. A patch for qmail that introduces TLS support uses the same approach. This approach of replacing only the stream read/write functions, but not the buffers or other stream properties, can introduce the plaintext injection flaw.
When Sendmail switches to SMTP over TLS, it replaces the entire stream, along with its read/write buffers and read/write functions. Exim, on the other hand, does not seem to have a stream abstraction like Postfix, Sendmail or qmail. Instead of replacing streams or stream properties, Exim replaces plaintext read/write functions with TLS read/write functions. Because of their program structure, Sendmail and Exim didn't suffer from the plaintext injection flaw.
Fixing the problem
There are two solutions to address the flaw, and both solutions can be used together.
- Report an error when unexpected plaintext is received after the STARTTLS command. As documented in RFC 3207, STARTTLS must be the last command in a pipelined group. If plaintext commands are received after STARTTLS, then that is a protocol violation.
This measure can also be implemented outside the MTA, for example in a protocol-aware firewall.
- If a program uses the same input buffer before and after the switch to TLS, it should discard the contents of the input buffer, just like it discards SMTP protocol information that it received during the plaintext protocol phase.
Conclusion
This plaintext injection problem is likely to recur when some development moves the plaintext-to-ciphertext switch outside the application: for example, into the kernel, into the local hardware, into a proxy, or into other infrastructure. This encourages applications to use the same application-level streams and buffers and read/write functions before and after the switch to ciphertext. When this migration happens, plaintext injection becomes once more a possibility.
Time line
Jan 5 2011: While finishing Postfix for its annual release, I found and fixed this flaw in the SMTP server and client implementations, where it had been sitting ever since TLS support was adopted.
Jan 6-10 2011: As we investigated the scope of the problem, Victor Duchovni (co-developer) discovered that other implementations were also affected including security providers and security appliances.
Jan 11 2011: Contact CERT/CC to help coordinate with the problem's resolution.
Mar 7 2011: Public announcement, and Postfix legacy release updates. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-2939 The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
CVE-2011-1720 A heap-based read-only buffer overflow allows malicious clients to crash the smtpd server process using a crafted SASL authentication request.
For the oldstable distribution (lenny), this problem has been fixed in version 2.5.5-1.1+lenny1.
For the stable distribution (squeeze), this problem has been fixed in version 2.7.1-1+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 2.8.0-1.
We recommend that you upgrade your postfix packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJNyXybAAoJEL97/wQC1SS+xb0H/igqYhOTtvO91deptOPyednw 5sBQPXGoo+RXeomLsJk8P6ezm7fEGTSl7GUEpNwS1qsqAPVnl9XAK6dOGFae1PbG 2L93eR6AKgKo60tp2On1Tf1c0HcD6yKiZ6J7C7nZ3E8+yZwSd1k6826ZUQ3gzKKW DTIu6w2CzzleK/bppWfhAvwvobHD6X1B16qklZfqw6H0C/QfMjM8ZXLCRv9Tq1TN jX1W4qeed7pr8r3pTJ9npzae7drqFLoVDi0tpGKi0UHEwgRma1AbDaI2BVmeblue YNRHg7H+TqfrUwN8iB64WrYvqnHCQfvViL8f0ML2uJXJf/lHby+vxPl6EGxAIoY= =yCCp -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201103-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.3"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.8"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.1"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.7"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.5"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.6"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.4"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.2"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.0"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.9"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.11"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.0"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.1"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.15"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.13"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.1"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.1"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.6"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.12"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.4"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.5"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.5"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.4"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.7"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.11"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.14"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.8"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.0"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.9"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.2"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.0"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.3"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.10"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.6"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.2"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.10"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.8"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.3"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.2"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.7"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cyrus imap",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipswitch",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kerio",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postfix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qmail tls",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "watchguard",
"version": null
},
{
"model": "proftpd",
"scope": "eq",
"trust": 0.8,
"vendor": "proftpd",
"version": "1.3.3"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0 (x64)"
},
{
"model": "turbolinux client",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2008 and 12.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11 (x64)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux long life",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5.6 server)"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.3.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "spamdyke",
"scope": "ne",
"trust": 0.3,
"vendor": "spamdyke",
"version": "4.2.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.7.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "imap server",
"scope": "eq",
"trust": 0.3,
"vendor": "cyrus",
"version": "2.4"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.5.4"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux enterprise sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "groupware server 2.2-rc3",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.9"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.01"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.4.9"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.5"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.5.5"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.1.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3.2"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.2.3"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "pure-ftpd",
"scope": "ne",
"trust": 0.3,
"vendor": "pureftpd",
"version": "1.0.30"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.3"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "20011115"
},
{
"model": "groupware server -rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2.3"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.11"
},
{
"model": "java system messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "mailserver patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.7.01"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.2.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.5"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20110"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.5.2"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.6.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.3"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "imail hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.13"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "mailserver patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.23"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "linux enterprise sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "pure-ftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "pureftpd",
"version": "1.0.29"
},
{
"model": "groupware server 2.1.beta3",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.0"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.4.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "groupware server",
"scope": "ne",
"trust": 0.3,
"vendor": "kolab",
"version": "2.3.2"
},
{
"model": "inn",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "2.5.3"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.4.8"
},
{
"model": "spamdyke",
"scope": "eq",
"trust": 0.3,
"vendor": "spamdyke",
"version": "4.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "mailserver patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.31"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.1"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.1.13"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "19991231"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.3"
},
{
"model": "imap server",
"scope": "ne",
"trust": 0.3,
"vendor": "cyrus",
"version": "2.4.7"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.7"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "connect build",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.1.42985"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.12"
},
{
"model": "linux enterprise sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.4.2"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.1"
},
{
"model": "groupware server 2.1beta2",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.5"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.6-20080902"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"model": "linux enterprise sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "scooffice server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "0"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.9"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.20"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.1"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.2"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.1"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2.2"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.1.3"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.1.12"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.2.4"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.1.11"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "xcs",
"scope": "eq",
"trust": 0.3,
"vendor": "watchguard",
"version": "9.1"
},
{
"model": "netqmail",
"scope": "eq",
"trust": 0.3,
"vendor": "qmail smtpd auth",
"version": "0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.4.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.14"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.4.1"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.0.21"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2.4"
},
{
"model": "java system messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.3"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.5"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "groupware server 2.2-rc1",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.10"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.6.5"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "message networking sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.8"
},
{
"model": "groupware server beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.10"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.6"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "20010228"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.6.4"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.1.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.1"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "imail hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.151"
},
{
"model": "imap server",
"scope": "eq",
"trust": 0.3,
"vendor": "cyrus",
"version": "2.4.6"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.2"
},
{
"model": "starttls",
"scope": "eq",
"trust": 0.3,
"vendor": "ietf",
"version": "0"
},
{
"model": "mailserver build",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.17069"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.1"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "messaging storage server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "groupware server beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "venema postfix patchlevel",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.5.44"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.6"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.4"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.7"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.4"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.2.10"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "19990906"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.6"
},
{
"model": "xcs",
"scope": "eq",
"trust": 0.3,
"vendor": "watchguard",
"version": "9.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:proftpd:proftpd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_hpc_node",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_long_life",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wietse Venema",
"sources": [
{
"db": "BID",
"id": "46767"
},
{
"db": "PACKETSTORM",
"id": "99053"
}
],
"trust": 0.4
},
"cve": "CVE-2011-0411",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2011-0411",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-48356",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-0411",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#555316",
"trust": 0.8,
"value": "1.39"
},
{
"author": "NVD",
"id": "CVE-2011-0411",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201103-213",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-48356",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-0411",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. plural STARTTLS There is a vulnerability in the implementation of. plural STARTTLS Implementation of a man-in-the-middle attack (man-in-the-middle attack) May insert a command. This vulnerability is due to the fact that switching to ciphertext communication is performed at a lower layer than the application. This vulnerability is only relevant for implementations that perform certificate validation.An arbitrary command may be executed by a remote attacker who can intercept communications. \nAn attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords. \nThe following vendors are affected:\nIpswitch\nKerio\nPostfix\nQmail-TLS\nOracle (note that the affected application is unknown)\nSCO Group\nspamdyke\nISC. Postfix is \u200b\u200ba mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/ O buffering effect. ==========================================================================\nUbuntu Security Notice USN-1113-1\nApril 18, 2011\n\npostfix vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 9.10\n- Ubuntu 8.04 LTS\n- Ubuntu 6.06 LTS\n\nSummary:\n\nAn attacker could send crafted input to Postfix and cause it to reveal\nconfidential information. \nThis issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)\n\nWietse Venema discovered that Postfix incorrectly handled cleartext\ncommands after TLS is in place. (CVE-2011-0411)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.10:\n postfix 2.7.1-1ubuntu0.1\n\nUbuntu 10.04 LTS:\n postfix 2.7.0-1ubuntu0.1\n\nUbuntu 9.10:\n postfix 2.6.5-3ubuntu0.1\n\nUbuntu 8.04 LTS:\n postfix 2.5.1-2ubuntu1.3\n\nUbuntu 6.06 LTS:\n postfix 2.2.10-1ubuntu0.3\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n CVE-2009-2939, CVE-2011-0411\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3\n https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3\n\n\n. \n\nCVE-2011-4130\n\tProFTPD uses a response pool after freeing it under\n\texceptional conditions, possibly leading to remote code\n\texecution. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026amp;products_id=490\n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://www.postfix.org/CVE-2011-0411.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n ed4ae86475a00faaadbda5683ee496f5 2009.0/i586/pure-ftpd-1.0.21-8.1mdv2009.0.i586.rpm\n 0dea42dbd5958a0a4a4e8a47d020062a 2009.0/i586/pure-ftpd-anon-upload-1.0.21-8.1mdv2009.0.i586.rpm\n 3f3c60fbe60ffa16a542ae78868042c1 2009.0/i586/pure-ftpd-anonymous-1.0.21-8.1mdv2009.0.i586.rpm \n 32f302505171f7d7801acec8e0aac0ab 2009.0/SRPMS/pure-ftpd-1.0.21-8.1mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 9fbbd20ce659012dcef2ea534b3e065c 2009.0/x86_64/pure-ftpd-1.0.21-8.1mdv2009.0.x86_64.rpm\n d953ece1911ad4f744b5fe5f704c2e9e 2009.0/x86_64/pure-ftpd-anon-upload-1.0.21-8.1mdv2009.0.x86_64.rpm\n fd131923aa12607939a33ab0d5a47690 2009.0/x86_64/pure-ftpd-anonymous-1.0.21-8.1mdv2009.0.x86_64.rpm \n 32f302505171f7d7801acec8e0aac0ab 2009.0/SRPMS/pure-ftpd-1.0.21-8.1mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n 580032400f3f536b90509404bfa5ff50 2010.0/i586/pure-ftpd-1.0.22-1.1mdv2010.0.i586.rpm\n 05fe3428a8378f9c7e8282d9e62c9fdf 2010.0/i586/pure-ftpd-anon-upload-1.0.22-1.1mdv2010.0.i586.rpm\n 8e63f703e071bf7f819b98cb96eeab1d 2010.0/i586/pure-ftpd-anonymous-1.0.22-1.1mdv2010.0.i586.rpm \n 5370b6f3148695cae7d37dd7a79c4158 2010.0/SRPMS/pure-ftpd-1.0.22-1.1mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 897957ada6eadf9e87bae3e26ff442fe 2010.0/x86_64/pure-ftpd-1.0.22-1.1mdv2010.0.x86_64.rpm\n add9ece828990b566192691992e43cc6 2010.0/x86_64/pure-ftpd-anon-upload-1.0.22-1.1mdv2010.0.x86_64.rpm\n 6c82671449daf5c7b9d6e40c4c33939b 2010.0/x86_64/pure-ftpd-anonymous-1.0.22-1.1mdv2010.0.x86_64.rpm \n 5370b6f3148695cae7d37dd7a79c4158 2010.0/SRPMS/pure-ftpd-1.0.22-1.1mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 441c80d9c965274c99d34fce9a4bb6ca 2010.1/i586/pure-ftpd-1.0.29-2.1mdv2010.2.i586.rpm\n f73c5b101a3100fa5ccf7be95cb820c1 2010.1/i586/pure-ftpd-anon-upload-1.0.29-2.1mdv2010.2.i586.rpm\n 1bf7c0076615559f213f9e90aabe1ee3 2010.1/i586/pure-ftpd-anonymous-1.0.29-2.1mdv2010.2.i586.rpm \n 77f0d44baa44e8abc0a5393154d1e347 2010.1/SRPMS/pure-ftpd-1.0.29-2.1mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 7f83617195a06fe87d4fe91f78256ea8 2010.1/x86_64/pure-ftpd-1.0.29-2.1mdv2010.2.x86_64.rpm\n d0428e106e4c4233a266b62b1208f63e 2010.1/x86_64/pure-ftpd-anon-upload-1.0.29-2.1mdv2010.2.x86_64.rpm\n 04a2e708f8334b33fda7975f72c9afd0 2010.1/x86_64/pure-ftpd-anonymous-1.0.29-2.1mdv2010.2.x86_64.rpm \n 77f0d44baa44e8abc0a5393154d1e347 2010.1/SRPMS/pure-ftpd-1.0.29-2.1mdv2010.2.src.rpm\n\n Corporate 4.0:\n 2054ec719cbd8c9be8ad7e9bc654f79e corporate/4.0/i586/pure-ftpd-1.0.20-7.1.20060mlcs4.i586.rpm\n 2614d3560204ffb498f6c49453442d05 corporate/4.0/i586/pure-ftpd-anon-upload-1.0.20-7.1.20060mlcs4.i586.rpm\n 1fb356298d6a5c4b50b6822e8dde3e0b corporate/4.0/i586/pure-ftpd-anonymous-1.0.20-7.1.20060mlcs4.i586.rpm \n 63859bd845934e2d382fd2406a1fd9f7 corporate/4.0/SRPMS/pure-ftpd-1.0.20-7.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b4d4edc6889d96135330b98057bf5396 corporate/4.0/x86_64/pure-ftpd-1.0.20-7.1.20060mlcs4.x86_64.rpm\n 99ffba7cc4e729a617ca45a10baa9125 corporate/4.0/x86_64/pure-ftpd-anon-upload-1.0.20-7.1.20060mlcs4.x86_64.rpm\n b84684dfd4166dcf6def917014355b76 corporate/4.0/x86_64/pure-ftpd-anonymous-1.0.20-7.1.20060mlcs4.x86_64.rpm \n 63859bd845934e2d382fd2406a1fd9f7 corporate/4.0/SRPMS/pure-ftpd-1.0.20-7.1.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n 3e3694e0220ab4cfc55b3d0614443d5d mes5/i586/pure-ftpd-1.0.21-8.1mdvmes5.2.i586.rpm\n c281cdd9b6ab44f956802cbd9d327e36 mes5/i586/pure-ftpd-anon-upload-1.0.21-8.1mdvmes5.2.i586.rpm\n ab25c5522a053fddf570a7af29f79db7 mes5/i586/pure-ftpd-anonymous-1.0.21-8.1mdvmes5.2.i586.rpm \n 71436d40f9fe4780edc71f326a71324c mes5/SRPMS/pure-ftpd-1.0.21-8.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n dd4fbf6ccb18a342b91b2bdc07048fd9 mes5/x86_64/pure-ftpd-1.0.21-8.1mdvmes5.2.x86_64.rpm\n 70a0f49eaca5fd8f7a80967810fbfb7d mes5/x86_64/pure-ftpd-anon-upload-1.0.21-8.1mdvmes5.2.x86_64.rpm\n 7e6c3b99218158806d3c747f781a449b mes5/x86_64/pure-ftpd-anonymous-1.0.21-8.1mdvmes5.2.x86_64.rpm \n 71436d40f9fe4780edc71f326a71324c mes5/SRPMS/pure-ftpd-1.0.21-8.1mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-33\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Postfix: Multiple vulnerabilities\n Date: June 25, 2012\n Bugs: #358085, #366605\n ID: 201206-33\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been found in Postfix, the worst of which possibly\nallowing remote code execution. \n\nBackground\n==========\n\nPostfix is Wietse Venema=E2=80=99s mailer that attempts to be fast, easy =\nto\nadminister, and secure, as an alternative to the widely-used Sendmail\nprogram. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 mail-mta/postfix \u003c 2.7.4 \u003e= 2.7.4\n\nDescription\n===========\n\nA vulnerability have been discovered in Postfix. Please review the CVE\nidentifier referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Postfix users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=mail-mta/postfix-2.7.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-0411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411\n[ 2 ] CVE-2011-1720\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-33.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. This is a writeup about a flaw that I found recently, and that\nexisted in multiple implementations of SMTP (Simple Mail Transfer\nProtocol) over TLS (Transport Layer Security) including my Postfix\nopen source mailserver. I give an overview of the problem and its\nimpact, how to find out if a server is affected, fixes, and draw\nlessons about where we can expect similar problems. A time line\nis at the end. \n\nFor further reading:\nhttp://www.kb.cert.org/vuls/id/555316 \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411\nhttp://www.postfix.org/CVE-2011-0411.html (extended writeup)\n\n\tWietse\n\nProblem overview and impact\n===========================\n\nThe TLS protocol encrypts communication and protects it against\nmodification by other parties. This protection exists only if a)\nsoftware is free of flaws, and b) clients verify the server\u0027s TLS\ncertificate, so that there can be no \"man in the middle\" (servers\nusually don\u0027t verify client certificates). \n\nThe problem discussed in this writeup is caused by a software flaw. \n\nThe injected commands could be used to steal the victim\u0027s email or\nSASL (Simple Authentication and Security Layer) username and password. \n\nThis is not as big a problem as it may appear to be. The reason\nis that many SMTP client applications don\u0027t verify server TLS\ncertificates. These SMTP clients are always vulnerable to command\ninjection and other attacks. Their TLS sessions are only encrypted\nbut not protected. \n\nA similar plaintext injection flaw may exist in the way SMTP clients\nhandle SMTP-over-TLS server responses, but its impact is less\ninteresting than the server-side flaw. \n\nSMTP is not the only protocol with a mid-session switch from plaintext\nto TLS. Other examples are POP3, IMAP, NNTP and FTP. Implementations\nof these protocols may be affected by the same flaw as discussed here. \n\nDemonstration\n=============\n\nThe problem is easy to demonstrate with a one-line change to the\nOpenSSL s_client command source code (I would prefer scripting, but\nhaving to install Perl CPAN modules and all their dependencies is\nmore work than downloading a .tar.gz file from openssl.org, adding\neight characters to one line, and doing \"./config; make\"). \n\nThe OpenSSL s_client command can make a connection to servers that\nsupport straight TLS, SMTP over TLS, or a handful other protocols\nover TLS. The demonstration with SMTP over TLS involves a one-line\nchange in the OpenSSL s_client source code (with OpenSSL 1.0.0, at\nline 1129 of file apps/s_client.c). \n\nOld:\t\tBIO_printf(sbio,\"STARTTLS\\r\\n\");\nNew:\t\tBIO_printf(sbio,\"STARTTLS\\r\\nRSET\\r\\n\");\n\nWith this change, the s_client command sends the plaintext STARTTLS\ncommand (\"let\u0027s turn on TLS\") immediately followed by an RSET command\n(a relatively harmless protocol \"reset\"). Both commands are sent\nas plaintext in the same TCP/IP packet, and arrive together at the\nserver. The \"\\r\\n\" are the carriage-return and newline characters;\nthese are necessary to terminate an SMTP command. \n\nWhen an SMTP server has the plaintext injection flaw, it reads the\nSTARTTLS command first, switches to SMTP-over-TLS mode, and only\nthen the server reads the RSET command. Note, the RSET command was\ntransmitted during the plaintext SMTP phase when there is no\nprotection, but the server reads the command as if it was received\nover the TLS-protected channel. \n\nThus, when the SMTP server has the flaw, the s_client command output\nwill show two \"250\" SMTP server responses instead of one. The first\n\"250\" response is normal, and is present even when the server is\nnot flawed. The second \"250\" response is for the RSET command, and\nindicates that the SMTP server has the plaintext injection flaw. \n\n $ apps/openssl s_client -quiet -starttls smtp -connect server:port\n [some server TLS certificate details omitted]\n 250 some text here \u003c=== Normal response, also with \"good\" server. \n 250 more text here \u003c=== RSET response, only with flawed server. \n\nAnatomy of the flaw: it\u0027s all about the plumbing\n================================================\n\nWhether a program may have the plaintext injection flaw depends on\nhow it adjusts the plumbing, as it inserts the TLS protocol layer\nin-between the SMTP protocol layer and the O/S TCP/IP protocol\nlayer. I illustrate this with examples from three open source MTAs:\nPostfix, Sendmail and Exim. The diagram below is best viewed with\na fixed-width font, for example, from the Courier family. \n\n Postfix MTA Sendmail MTA Exim MTA\n before/after before/after before/after\n switch to TLS switch to TLS switch to TLS\n\n SMTP SMTP SMTP SMTP SMTP SMTP \u003c= SMTP layer\n || || || || || ||\n stream stream stream stream\u0027 || ||\n buffers buffers buffers buffers\u0027 rw r\u0027w\u0027 \u003c= stream layer\n rw r\u0027w\u0027 rw r\u0027w\u0027 || ||\n || || || || || ||\n || TLS || TLS || TLS \u003c= TLS layer\n || || || || || ||\n O/S O/S O/S O/S O/S O/S \u003c= TCP/IP layer\n\nAs shown in the diagram, both Postfix and Sendmail use an application-\nlevel stream abstraction, where each stream has properties such as\nread/write buffers, read/write functions (indicated with rw), and\nother properties that are omitted for brevity. \n\nWhen Postfix switches to SMTP over TLS, it replaces the plaintext\nread/write functions (rw) with the TLS read/write functions (r\u0027w\u0027). \nPostfix does not modify any of the other stream properties including\nthe read/write buffers. A patch for qmail that introduces TLS\nsupport uses the same approach. This approach of replacing only\nthe stream read/write functions, but not the buffers or other stream\nproperties, can introduce the plaintext injection flaw. \n\nWhen Sendmail switches to SMTP over TLS, it replaces the entire\nstream, along with its read/write buffers and read/write functions. \nExim, on the other hand, does not seem to have a stream abstraction\nlike Postfix, Sendmail or qmail. Instead of replacing streams or\nstream properties, Exim replaces plaintext read/write functions\nwith TLS read/write functions. Because of their program structure,\nSendmail and Exim didn\u0027t suffer from the plaintext injection flaw. \n\nFixing the problem\n==================\n\nThere are two solutions to address the flaw, and both solutions can\nbe used together. \n\n- Report an error when unexpected plaintext is received after the\n STARTTLS command. As documented in RFC 3207, STARTTLS must be\n the last command in a pipelined group. If plaintext commands are\n received after STARTTLS, then that is a protocol violation. \n\n This measure can also be implemented outside the MTA, for example\n in a protocol-aware firewall. \n\n- If a program uses the same input buffer before and after the\n switch to TLS, it should discard the contents of the input buffer,\n just like it discards SMTP protocol information that it received\n during the plaintext protocol phase. \n\nConclusion\n==========\n\nThis plaintext injection problem is likely to recur when some\ndevelopment moves the plaintext-to-ciphertext switch outside the\napplication: for example, into the kernel, into the local hardware,\ninto a proxy, or into other infrastructure. This encourages\napplications to use the same application-level streams and buffers\nand read/write functions before and after the switch to ciphertext. \nWhen this migration happens, plaintext injection becomes once more\na possibility. \n\nTime line\n=========\n\nJan 5 2011: While finishing Postfix for its annual release, I found\nand fixed this flaw in the SMTP server and client implementations,\nwhere it had been sitting ever since TLS support was adopted. \n\nJan 6-10 2011: As we investigated the scope of the problem, Victor\nDuchovni (co-developer) discovered that other implementations were\nalso affected including security providers and security appliances. \n\nJan 11 2011: Contact CERT/CC to help coordinate with the problem\u0027s\nresolution. \n\nMar 7 2011: Public announcement, and Postfix legacy release updates. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-2939\n The postinst script grants the postfix user write access to\n /var/spool/postfix/pid, which might allow local users to\n conduct symlink attacks that overwrite arbitrary files. \n\nCVE-2011-1720\n A heap-based read-only buffer overflow allows malicious\n clients to crash the smtpd server process using a crafted SASL\n authentication request. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.5.5-1.1+lenny1. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-1+squeeze1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0-1. \n\nWe recommend that you upgrade your postfix packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niQEcBAEBAgAGBQJNyXybAAoJEL97/wQC1SS+xb0H/igqYhOTtvO91deptOPyednw\n5sBQPXGoo+RXeomLsJk8P6ezm7fEGTSl7GUEpNwS1qsqAPVnl9XAK6dOGFae1PbG\n2L93eR6AKgKo60tp2On1Tf1c0HcD6yKiZ6J7C7nZ3E8+yZwSd1k6826ZUQ3gzKKW\nDTIu6w2CzzleK/bppWfhAvwvobHD6X1B16qklZfqw6H0C/QfMjM8ZXLCRv9Tq1TN\njX1W4qeed7pr8r3pTJ9npzae7drqFLoVDi0tpGKi0UHEwgRma1AbDaI2BVmeblue\nYNRHg7H+TqfrUwN8iB64WrYvqnHCQfvViL8f0ML2uJXJf/lHby+vxPl6EGxAIoY=\n=yCCp\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0411"
},
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99457"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "99053"
},
{
"db": "PACKETSTORM",
"id": "101275"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#555316",
"trust": 3.8
},
{
"db": "NVD",
"id": "CVE-2011-0411",
"trust": 3.5
},
{
"db": "BID",
"id": "46767",
"trust": 2.9
},
{
"db": "SECUNIA",
"id": "43646",
"trust": 2.6
},
{
"db": "VUPEN",
"id": "ADV-2011-0611",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1025179",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "43874",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0891",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0752",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "71021",
"trust": 1.8
},
{
"db": "JUNIPER",
"id": "JSA10705",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/08/10/2",
"trust": 1.1
},
{
"db": "XF",
"id": "65932",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "99457",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "114177",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "107027",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "99053",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "99392",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-48356",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-0411",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100558",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101275",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99457"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "99053"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"id": "VAR-201103-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-48356"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T21:51:04.422000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "postfix-2.3.3-2.10.AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1399"
},
{
"title": "2211",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2211"
},
{
"title": "2212",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2212"
},
{
"title": "3624",
"trust": 0.8,
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3624"
},
{
"title": "NEWS-1.3.3e",
"trust": 0.8,
"url": "http://www.proftpd.org/docs/NEWS-1.3.3e"
},
{
"title": "NEWS-1.3.4rc2",
"trust": 0.8,
"url": "http://www.proftpd.org/docs/NEWS-1.3.4rc2"
},
{
"title": "RHSA-2011:0422",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2011-0422.html"
},
{
"title": "RHSA-2011:0423",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2011-0423.html"
},
{
"title": "TLSA-2011-13",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-13j.txt"
},
{
"title": "TLSA-2013-4",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2013/TLSA-2013-4j.html"
},
{
"title": "Postfix STARTTLS Achieve repair measures for plaintext command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159437"
},
{
"title": "Debian CVElist Bug Report Logs: postfix STARTTLS affected by CVE-2011-0411",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=74282b8fe400ed6ddbb6171a1052e2fd"
},
{
"title": "Debian CVElist Bug Report Logs: [CVE-2011-4130] Use-after-free issue",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f7453f9ff437afb706c192fb10d67eb2"
},
{
"title": "Debian CVElist Bug Report Logs: inn: CVE-2012-3523 prone to STARTTLS plaintext command injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a774850c70017348487727b907fda84b"
},
{
"title": "Debian CVElist Bug Report Logs: courier: CVE-2021-38084",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9dc8ffd76b724b58108eb46bc913121c"
},
{
"title": "Debian CVElist Bug Report Logs: STARTTLS plaintext command injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b03b4eab65949f1c915b1538f80e6a4b"
},
{
"title": "Ubuntu Security Notice: postfix vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1113-1"
},
{
"title": "Debian Security Advisories: DSA-2346-2 proftpd-dfsg -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a1db5959643fcc6f1957a67359aa92ed"
},
{
"title": "Debian Security Advisories: DSA-2233-1 postfix -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=96aadd3bb66ec0adb18615b395c09544"
},
{
"title": "Vision",
"trust": 0.1,
"url": "https://github.com/CoolerVoid/Vision "
},
{
"title": "Vision2",
"trust": 0.1,
"url": "https://github.com/CoolerVoid/Vision2 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"trust": 2.6,
"url": "http://www.securityfocus.com/bid/46767"
},
{
"trust": 2.6,
"url": "http://securitytracker.com/id?1025179"
},
{
"trust": 2.6,
"url": "http://secunia.com/advisories/43646"
},
{
"trust": 2.6,
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"trust": 2.3,
"url": "http://www.postfix.org/cve-2011-0411.html"
},
{
"trust": 2.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"trust": 1.9,
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht5002"
},
{
"trust": 1.8,
"url": "http://www.kb.cert.org/vuls/id/moro-8elh6z"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056560.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056559.html"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/71021"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0422.html"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0423.html"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/43874"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"trust": 1.7,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10705"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0411"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc2595"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc3207"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc4642"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"trust": 0.8,
"url": "http://www.watchguard.com/archive/softwarecenter.asp"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/65932"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu555316"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0411"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0411"
},
{
"trust": 0.3,
"url": "http://kolab.org/pipermail/kolab-announce/2011/000101.html"
},
{
"trust": 0.3,
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424"
},
{
"trust": 0.3,
"url": "http://cyrusimap.org/mediawiki/index.php/bugs_resolved_in_2.4.7"
},
{
"trust": 0.3,
"url": "https://www.isc.org/software/inn/2.5.3article"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/mapg-8d9m4p"
},
{
"trust": 0.3,
"url": "http://files.kolab.org/server/release/kolab-server-2.3.2/sources/release-notes.txt"
},
{
"trust": 0.3,
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
},
{
"trust": 0.3,
"url": "http://www.watchguard.com/support/release-notes/xcs/9/en-us/en_releasenotes_xcs_9_1_1/en_releasenotes_wg_xcs_9_1_tls_hotfix.pdf"
},
{
"trust": 0.3,
"url": "http://www.spamdyke.org/documentation/changelog.txt"
},
{
"trust": 0.3,
"url": "http://datatracker.ietf.org/doc/draft-josefsson-kerberos5-starttls/?include_text=1"
},
{
"trust": 0.3,
"url": "/archive/1/516901"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100134676"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100141041"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850478"
},
{
"trust": 0.3,
"url": "http://inoa.net/qmail-tls/vu555316.patch"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2939"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1720"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10705"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617849"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1113-1/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4130"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1720"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0411"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99457"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "99053"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99457"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "99053"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-07T00:00:00",
"db": "CERT/CC",
"id": "VU#555316"
},
{
"date": "2011-03-16T00:00:00",
"db": "VULHUB",
"id": "VHN-48356"
},
{
"date": "2011-03-16T00:00:00",
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"date": "2011-03-07T00:00:00",
"db": "BID",
"id": "46767"
},
{
"date": "2011-04-18T22:40:46",
"db": "PACKETSTORM",
"id": "100558"
},
{
"date": "2011-11-16T04:40:08",
"db": "PACKETSTORM",
"id": "107027"
},
{
"date": "2011-03-18T21:45:06",
"db": "PACKETSTORM",
"id": "99457"
},
{
"date": "2012-06-25T22:58:41",
"db": "PACKETSTORM",
"id": "114177"
},
{
"date": "2011-03-07T19:44:44",
"db": "PACKETSTORM",
"id": "99053"
},
{
"date": "2011-05-10T18:42:48",
"db": "PACKETSTORM",
"id": "101275"
},
{
"date": "2011-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"date": "2011-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"date": "2011-03-16T22:55:02.717000",
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-08T00:00:00",
"db": "CERT/CC",
"id": "VU#555316"
},
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-48356"
},
{
"date": "2021-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"date": "2015-04-13T21:35:00",
"db": "BID",
"id": "46767"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"date": "2013-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "STARTTLS plaintext command injection vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
],
"trust": 0.6
}
}
FKIE_CVE-2011-0411
Vulnerability from fkie_nvd - Published: 2011-03-16 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
| cret@cert.org | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | ||
| cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html | ||
| cret@cert.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html | ||
| cret@cert.org | http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | ||
| cret@cert.org | http://secunia.com/advisories/43646 | Vendor Advisory | |
| cret@cert.org | http://secunia.com/advisories/43874 | ||
| cret@cert.org | http://security.gentoo.org/glsa/glsa-201206-33.xml | ||
| cret@cert.org | http://securitytracker.com/id?1025179 | ||
| cret@cert.org | http://support.apple.com/kb/HT5002 | ||
| cret@cert.org | http://www.debian.org/security/2011/dsa-2233 | ||
| cret@cert.org | http://www.kb.cert.org/vuls/id/555316 | US Government Resource | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/MORO-8ELH6Z | US Government Resource | |
| cret@cert.org | http://www.openwall.com/lists/oss-security/2021/08/10/2 | ||
| cret@cert.org | http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html | ||
| cret@cert.org | http://www.osvdb.org/71021 | ||
| cret@cert.org | http://www.postfix.org/CVE-2011-0411.html | Exploit, Vendor Advisory | |
| cret@cert.org | http://www.redhat.com/support/errata/RHSA-2011-0422.html | ||
| cret@cert.org | http://www.redhat.com/support/errata/RHSA-2011-0423.html | ||
| cret@cert.org | http://www.securityfocus.com/bid/46767 | ||
| cret@cert.org | http://www.vupen.com/english/advisories/2011/0611 | Vendor Advisory | |
| cret@cert.org | http://www.vupen.com/english/advisories/2011/0752 | ||
| cret@cert.org | http://www.vupen.com/english/advisories/2011/0891 | ||
| cret@cert.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/65932 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43646 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43874 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201206-33.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025179 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5002 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2233 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/555316 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/MORO-8ELH6Z | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/08/10/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/71021 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.postfix.org/CVE-2011-0411.html | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0422.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0423.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46767 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0611 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0752 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0891 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/65932 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postfix | postfix | 2.4 | |
| postfix | postfix | 2.4.0 | |
| postfix | postfix | 2.4.1 | |
| postfix | postfix | 2.4.2 | |
| postfix | postfix | 2.4.3 | |
| postfix | postfix | 2.4.4 | |
| postfix | postfix | 2.4.5 | |
| postfix | postfix | 2.4.6 | |
| postfix | postfix | 2.4.7 | |
| postfix | postfix | 2.4.8 | |
| postfix | postfix | 2.4.9 | |
| postfix | postfix | 2.4.10 | |
| postfix | postfix | 2.4.11 | |
| postfix | postfix | 2.4.12 | |
| postfix | postfix | 2.4.13 | |
| postfix | postfix | 2.4.14 | |
| postfix | postfix | 2.4.15 | |
| postfix | postfix | 2.5.0 | |
| postfix | postfix | 2.5.1 | |
| postfix | postfix | 2.5.2 | |
| postfix | postfix | 2.5.3 | |
| postfix | postfix | 2.5.4 | |
| postfix | postfix | 2.5.5 | |
| postfix | postfix | 2.5.6 | |
| postfix | postfix | 2.5.7 | |
| postfix | postfix | 2.5.8 | |
| postfix | postfix | 2.5.9 | |
| postfix | postfix | 2.5.10 | |
| postfix | postfix | 2.5.11 | |
| postfix | postfix | 2.6 | |
| postfix | postfix | 2.6.0 | |
| postfix | postfix | 2.6.1 | |
| postfix | postfix | 2.6.2 | |
| postfix | postfix | 2.6.3 | |
| postfix | postfix | 2.6.4 | |
| postfix | postfix | 2.6.5 | |
| postfix | postfix | 2.6.6 | |
| postfix | postfix | 2.6.7 | |
| postfix | postfix | 2.6.8 | |
| postfix | postfix | 2.7.0 | |
| postfix | postfix | 2.7.1 | |
| postfix | postfix | 2.7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "998D1069-1CF5-42C5-8668-49D72E2D2F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2138A68-3F3D-4C7E-9FEB-2C8A445F2789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5E0EB5-ECC6-4573-9EA7-83E5741DA3CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "790C02A8-95DD-42BE-8A1C-1C6D6DDCC443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A0034F2-585D-4A98-8428-996A726712DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B162B5-DEF5-46AD-87D1-734B3B637D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF3730A-0FFD-4C23-B758-BBA67CC9CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10E8E5E2-5674-40D5-AD86-8C4DDB442EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "690EDC73-47B5-4891-86A5-37B6ED80E145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B751BA4B-B7C8-4A87-A03C-5C91678FC832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "08943D31-2139-45D3-A0DB-0C11C31875CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "591FB74F-BD86-4314-A359-739A245D2642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2EF7B2-943F-4DFA-8249-7FC0F9FB0312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3AFC1E-01FF-4F91-8C82-5C16378812C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "95E552B8-8B26-4DEE-BC6A-BC0B01C42474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66E26194-A7E6-4A99-8F55-7422A7E9BAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "58097735-FE3B-48B7-B5EA-3CD530E16031",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA31260C-1C67-4E76-9F56-2359BFA0B197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58F1FC50-B6EB-48FD-A2FA-B8BEB05719DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DE90BD-B5F9-4762-B086-130AB04F3CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD5258B-C9DE-47BD-9172-27618F220201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC95B8DD-C8C6-4FC4-81A5-23D7669DA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "894002C8-F3C1-4241-96FE-C088BBD0FCED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C91BA7D1-2A5B-4721-8E13-6520D6F0114B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE79FBB-801F-4B1E-8FB8-CB2A1FAF6EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "253DB571-62B7-4015-A758-9DE55AAB8B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AF9D8C-B11C-4681-84CE-5C86926C85F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "955FBDF4-5103-4B19-A5F1-9468F73C7A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAC0FF5-9699-4011-8C07-5DDAF13B64A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1E6461-2F2A-49C5-9B2B-08DE418F2F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B3F710-13EF-4A36-B191-E0FCC1D98E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB5988E-D04B-43B9-A980-82FD44D1D198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12A1021E-587D-47D3-80E8-43D9CCB4BD72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC9B923-222D-4F7F-970C-0B9ADF4E86F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D31B75AE-FF82-4B70-BDEC-4B0FA791A085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C148A9D5-8899-4956-BE45-C4DBD4A2BE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "558A2B97-6582-445F-991C-4DD530E991DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "56509587-6CE6-4497-B571-0A014E1FE064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1B24CEB4-4F57-46CB-990B-AB664CEC96EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postfix:postfix:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5044BFB-4F00-4FFC-9A66-2FDC666B6C2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "827897F6-2A24-45EC-A072-8C02BA726069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postfix:postfix:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3CFD6A-86E2-4E7B-BAC2-3163FC7DBF17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de STARTTLS de Postfix 2.4.x anteriores a 2.4.16, 2.5.x anteriores a 2.5.12, 2.6.x anteriores a 2.6.9, y 2.7.x anteriores a 2.7.3 no restringe apropiadamente el buffering de I/O, lo que permite a atacantes man-in-the-middle insertar comandos en sesiones SMTP encriptadas enviando un comando en texto claro que es procesado despu\u00e9s de que TLS es iniciado. Relacionado con un ataque de \"inyecci\u00f3n de comandos de texto en claro\"."
}
],
"id": "CVE-2011-0411",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-16T22:55:02.717",
"references": [
{
"source": "cret@cert.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "cret@cert.org",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43646"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/43874"
},
{
"source": "cret@cert.org",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"source": "cret@cert.org",
"url": "http://securitytracker.com/id?1025179"
},
{
"source": "cret@cert.org",
"url": "http://support.apple.com/kb/HT5002"
},
{
"source": "cret@cert.org",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"source": "cret@cert.org",
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
},
{
"source": "cret@cert.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/71021"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"source": "cret@cert.org",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"source": "cret@cert.org",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT5002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MORO-8ELH6Z"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/71021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0422.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0423.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
OPENSUSE-SU-2024:10318-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
pure-ftpd-1.0.43-1.3 on GA media
Notes
Title of the patch
pure-ftpd-1.0.43-1.3 on GA media
Description of the patch
These are all security issues fixed in the pure-ftpd-1.0.43-1.3 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10318
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "pure-ftpd-1.0.43-1.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the pure-ftpd-1.0.43-1.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10318",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10318-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-0411 page",
"url": "https://www.suse.com/security/cve/CVE-2011-0411/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-0418 page",
"url": "https://www.suse.com/security/cve/CVE-2011-0418/"
}
],
"title": "pure-ftpd-1.0.43-1.3 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10318-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pure-ftpd-1.0.43-1.3.aarch64",
"product": {
"name": "pure-ftpd-1.0.43-1.3.aarch64",
"product_id": "pure-ftpd-1.0.43-1.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pure-ftpd-1.0.43-1.3.ppc64le",
"product": {
"name": "pure-ftpd-1.0.43-1.3.ppc64le",
"product_id": "pure-ftpd-1.0.43-1.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pure-ftpd-1.0.43-1.3.s390x",
"product": {
"name": "pure-ftpd-1.0.43-1.3.s390x",
"product_id": "pure-ftpd-1.0.43-1.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pure-ftpd-1.0.43-1.3.x86_64",
"product": {
"name": "pure-ftpd-1.0.43-1.3.x86_64",
"product_id": "pure-ftpd-1.0.43-1.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pure-ftpd-1.0.43-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.aarch64"
},
"product_reference": "pure-ftpd-1.0.43-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pure-ftpd-1.0.43-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.ppc64le"
},
"product_reference": "pure-ftpd-1.0.43-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pure-ftpd-1.0.43-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.s390x"
},
"product_reference": "pure-ftpd-1.0.43-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pure-ftpd-1.0.43-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.x86_64"
},
"product_reference": "pure-ftpd-1.0.43-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-0411",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-0411"
}
],
"notes": [
{
"category": "general",
"text": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.aarch64",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.ppc64le",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.s390x",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-0411",
"url": "https://www.suse.com/security/cve/CVE-2011-0411"
},
{
"category": "external",
"summary": "SUSE Bug 677792 for CVE-2011-0411",
"url": "https://bugzilla.suse.com/677792"
},
{
"category": "external",
"summary": "SUSE Bug 686590 for CVE-2011-0411",
"url": "https://bugzilla.suse.com/686590"
},
{
"category": "external",
"summary": "SUSE Bug 689178 for CVE-2011-0411",
"url": "https://bugzilla.suse.com/689178"
},
{
"category": "external",
"summary": "SUSE Bug 776967 for CVE-2011-0411",
"url": "https://bugzilla.suse.com/776967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.aarch64",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.ppc64le",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.s390x",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-0411"
},
{
"cve": "CVE-2011-0418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-0418"
}
],
"notes": [
{
"category": "general",
"text": "The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.aarch64",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.ppc64le",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.s390x",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-0418",
"url": "https://www.suse.com/security/cve/CVE-2011-0418"
},
{
"category": "external",
"summary": "SUSE Bug 691365 for CVE-2011-0418",
"url": "https://bugzilla.suse.com/691365"
},
{
"category": "external",
"summary": "SUSE Bug 826666 for CVE-2011-0418",
"url": "https://bugzilla.suse.com/826666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.aarch64",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.ppc64le",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.s390x",
"openSUSE Tumbleweed:pure-ftpd-1.0.43-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-0418"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…