ID

VAR-201103-0114


CVE

CVE-2011-0411


TITLE

STARTTLS plaintext command injection vulnerability

Trust: 0.8

sources: CERT/CC: VU#555316

DESCRIPTION

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. Multiple STARTTLS implementations contain this vulnerability: a man-in-the-middle attacker may insert commands. The vulnerability arises because the switch to ciphertext communication is performed at a lower layer than the application. This vulnerability is only relevant for implementations that perform certificate validation. An arbitrary command may be executed by a remote attacker who can intercept communications. An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords.

The following vendors are affected: Ipswitch, Kerio, Postfix, Qmail-TLS, Oracle (note that the affected application is unknown), SCO Group, spamdyke, ISC.

Postfix is a mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/O buffering.

==========================================================================
Ubuntu Security Notice USN-1113-1
April 18, 2011

postfix vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS

Summary:

An attacker could send crafted input to Postfix and cause it to reveal confidential information. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)

Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. (CVE-2011-0411)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10:
  postfix 2.7.1-1ubuntu0.1

Ubuntu 10.04 LTS:
  postfix 2.7.0-1ubuntu0.1

Ubuntu 9.10:
  postfix 2.6.5-3ubuntu0.1

Ubuntu 8.04 LTS:
  postfix 2.5.1-2ubuntu1.3

Ubuntu 6.06 LTS:
  postfix 2.2.10-1ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
  CVE-2009-2939, CVE-2011-0411

Package Information:
  https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1
  https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3
  https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3

CVE-2011-4130
    ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution.

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References: http://www.postfix.org/CVE-2011-0411.html
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

----------------------------------------------------------------------

TITLE:
Postfix "STARTTLS" Plaintext Injection Vulnerability

SECUNIA ADVISORY ID:
SA43646

VERIFY ADVISORY:
http://secunia.com/advisories/43646/

RELEASE DATE:
2011-03-09

DESCRIPTION:
A vulnerability has been reported in Postfix, which can be exploited by malicious people to manipulate certain data.
The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g.

The vulnerability is reported in version 2.2 and all releases prior to versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3.

SOLUTION:
Update to versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.postfix.org/CVE-2011-0411.html

----------------------------------------------------------------------

This is a writeup about a flaw that I found recently, and that existed in multiple implementations of SMTP (Simple Mail Transfer Protocol) over TLS (Transport Layer Security) including my Postfix open source mailserver. I give an overview of the problem and its impact, how to find out if a server is affected, fixes, and draw lessons about where we can expect similar problems. A time line is at the end.

For further reading:

http://www.kb.cert.org/vuls/id/555316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411
http://www.postfix.org/CVE-2011-0411.html (extended writeup)

        Wietse

Problem overview and impact
===========================

The TLS protocol encrypts communication and protects it against modification by other parties. This protection exists only if a) software is free of flaws, and b) clients verify the server's TLS certificate, so that there can be no "man in the middle" (servers usually don't verify client certificates).

The problem discussed in this writeup is caused by a software flaw. The injected commands could be used to steal the victim's email or SASL (Simple Authentication and Security Layer) username and password.

This is not as big a problem as it may appear to be. The reason is that many SMTP client applications don't verify server TLS certificates. These SMTP clients are always vulnerable to command injection and other attacks. Their TLS sessions are only encrypted but not protected.

A similar plaintext injection flaw may exist in the way SMTP clients handle SMTP-over-TLS server responses, but its impact is less interesting than the server-side flaw.

SMTP is not the only protocol with a mid-session switch from plaintext to TLS. Other examples are POP3, IMAP, NNTP and FTP. Implementations of these protocols may be affected by the same flaw as discussed here.

Demonstration
=============

The problem is easy to demonstrate with a one-line change to the OpenSSL s_client command source code (I would prefer scripting, but having to install Perl CPAN modules and all their dependencies is more work than downloading a .tar.gz file from openssl.org, adding eight characters to one line, and doing "./config; make").

The OpenSSL s_client command can make a connection to servers that support straight TLS, SMTP over TLS, or a handful of other protocols over TLS. The demonstration with SMTP over TLS involves a one-line change in the OpenSSL s_client source code (with OpenSSL 1.0.0, at line 1129 of file apps/s_client.c).

    Old:    BIO_printf(sbio,"STARTTLS\r\n");
    New:    BIO_printf(sbio,"STARTTLS\r\nRSET\r\n");

With this change, the s_client command sends the plaintext STARTTLS command ("let's turn on TLS") immediately followed by an RSET command (a relatively harmless protocol "reset"). Both commands are sent as plaintext in the same TCP/IP packet, and arrive together at the server. The "\r\n" are the carriage-return and newline characters; these are necessary to terminate an SMTP command.

When an SMTP server has the plaintext injection flaw, it reads the STARTTLS command first, switches to SMTP-over-TLS mode, and only then the server reads the RSET command. Note, the RSET command was transmitted during the plaintext SMTP phase when there is no protection, but the server reads the command as if it was received over the TLS-protected channel.

Thus, when the SMTP server has the flaw, the s_client command output will show two "250" SMTP server responses instead of one. The first "250" response is normal, and is present even when the server is not flawed. The second "250" response is for the RSET command, and indicates that the SMTP server has the plaintext injection flaw.

    $ apps/openssl s_client -quiet -starttls smtp -connect server:port
    [some server TLS certificate details omitted]
    250 some text here    <=== Normal response, also with "good" server.
    250 more text here    <=== RSET response, only with flawed server.

Anatomy of the flaw: it's all about the plumbing
================================================

Whether a program may have the plaintext injection flaw depends on how it adjusts the plumbing, as it inserts the TLS protocol layer in-between the SMTP protocol layer and the O/S TCP/IP protocol layer. I illustrate this with examples from three open source MTAs: Postfix, Sendmail and Exim. The diagram below is best viewed with a fixed-width font, for example, from the Courier family.

    Postfix MTA         Sendmail MTA          Exim MTA
    before/after        before/after        before/after
    switch to TLS       switch to TLS       switch to TLS

    SMTP    SMTP        SMTP    SMTP        SMTP    SMTP    <= SMTP layer
     ||      ||          ||      ||          ||      ||
    stream  stream      stream  stream'      ||      ||
    buffers buffers     buffers buffers'     rw      r'w'   <= stream layer
     rw      r'w'        rw      r'w'        ||      ||
     ||      ||          ||      ||          ||      ||
     ||      TLS         ||      TLS         ||      TLS    <= TLS layer
     ||      ||          ||      ||          ||      ||
     O/S     O/S         O/S     O/S         O/S     O/S    <= TCP/IP layer

As shown in the diagram, both Postfix and Sendmail use an application-level stream abstraction, where each stream has properties such as read/write buffers, read/write functions (indicated with rw), and other properties that are omitted for brevity.

When Postfix switches to SMTP over TLS, it replaces the plaintext read/write functions (rw) with the TLS read/write functions (r'w'). Postfix does not modify any of the other stream properties including the read/write buffers. A patch for qmail that introduces TLS support uses the same approach. This approach of replacing only the stream read/write functions, but not the buffers or other stream properties, can introduce the plaintext injection flaw.

When Sendmail switches to SMTP over TLS, it replaces the entire stream, along with its read/write buffers and read/write functions.

Exim, on the other hand, does not seem to have a stream abstraction like Postfix, Sendmail or qmail.
Instead of replacing streams or stream properties, Exim replaces plaintext read/write functions with TLS read/write functions.

Because of their program structure, Sendmail and Exim didn't suffer from the plaintext injection flaw.

Fixing the problem
==================

There are two solutions to address the flaw, and both solutions can be used together.

- Report an error when unexpected plaintext is received after the STARTTLS command. As documented in RFC 3207, STARTTLS must be the last command in a pipelined group. If plaintext commands are received after STARTTLS, then that is a protocol violation. This measure can also be implemented outside the MTA, for example in a protocol-aware firewall.

- If a program uses the same input buffer before and after the switch to TLS, it should discard the contents of the input buffer, just like it discards SMTP protocol information that it received during the plaintext protocol phase.

Conclusion
==========

This plaintext injection problem is likely to recur when some development moves the plaintext-to-ciphertext switch outside the application: for example, into the kernel, into the local hardware, into a proxy, or into other infrastructure. This encourages applications to use the same application-level streams and buffers and read/write functions before and after the switch to ciphertext. When this migration happens, plaintext injection becomes once more a possibility.

Time line
=========

Jan 5 2011: While finishing Postfix for its annual release, I found and fixed this flaw in the SMTP server and client implementations, where it had been sitting ever since TLS support was adopted.

Jan 6-10 2011: As we investigated the scope of the problem, Victor Duchovni (co-developer) discovered that other implementations were also affected including security providers and security appliances.

Jan 11 2011: Contact CERT/CC to help coordinate with the problem's resolution.

Mar 7 2011: Public announcement, and Postfix legacy release updates.

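The two fixes listed under "Fixing the problem" above, set beside the Postfix-style switch from the plumbing section. This is an added C example, not Postfix source and not part of the writeup. The stream model, the function names and the EHLO line are constructed for illustration; the STARTTLS/RSET input is the probe from the demonstration section.

```c
#include <stdio.h>
#include <string.h>

/* How the server adjusts its stream when it switches to TLS. */
enum switch_policy {
    SWAP_READ_FN_ONLY,  /* replace rw with r'w', keep the buffer (flawed) */
    DISCARD_BUFFER,     /* fix 2: drop buffered plaintext at the switch   */
    REJECT_PIPELINED    /* fix 1: plaintext after STARTTLS is an error    */
};

/* Stand-in for bytes arriving on a socket or out of a TLS session. */
struct source { const char *data; size_t pos; };

/* Application-level stream: one read buffer plus a swappable read function. */
struct stream {
    char buf[256];
    size_t len, off;                 /* bytes held, bytes already consumed */
    size_t (*read_fn)(struct stream *, char *, size_t);
    struct source plain, tls;
};

static size_t drain(struct source *src, char *dst, size_t cap) {
    size_t left = strlen(src->data) - src->pos;
    size_t n = left < cap ? left : cap;
    memcpy(dst, src->data + src->pos, n);
    src->pos += n;
    return n;
}
/* rw: returns everything the peer sent so far, like one read() on a socket. */
static size_t plain_read(struct stream *s, char *dst, size_t cap) {
    return drain(&s->plain, dst, cap);
}
/* r'w': a real implementation would decrypt here; the model only needs
 * the bytes to come from a different, protected source. */
static size_t tls_read(struct stream *s, char *dst, size_t cap) {
    return drain(&s->tls, dst, cap);
}

/* Copy one CRLF-terminated command into out; 1 on success, 0 at end of input. */
static int read_command(struct stream *s, char *out, size_t cap) {
    for (;;) {
        char *start = s->buf + s->off;
        size_t avail = s->len - s->off;
        for (size_t i = 0; i + 1 < avail; i++) {
            if (start[i] == '\r' && start[i + 1] == '\n') {
                size_t n = i < cap - 1 ? i : cap - 1;
                memcpy(out, start, n);
                out[n] = '\0';
                s->off += i + 2;
                return 1;
            }
        }
        /* No complete line buffered: compact, then refill via read_fn. */
        memmove(s->buf, start, avail);
        s->len = avail;
        s->off = 0;
        size_t got = s->read_fn(s, s->buf + s->len, sizeof s->buf - s->len);
        if (got == 0)
            return 0;
        s->len += got;
    }
}

/* Perform the plaintext-to-TLS switch; -1 means the session is refused. */
static int switch_to_tls(struct stream *s, enum switch_policy p) {
    size_t pending = s->len - s->off;    /* plaintext read but not yet parsed */
    if (p == REJECT_PIPELINED && pending > 0)
        return -1;       /* STARTTLS was not the last command in its group */
    if (p == DISCARD_BUFFER)
        s->len = s->off = 0;
    s->read_fn = tls_read;
    return 0;
}

/* Run one session and report the first command handled in TLS state.
 * Returns 1 with the command in out, 0 if there was none, -1 if rejected. */
int first_command_after_starttls(enum switch_policy p, const char *plain_wire,
                                 const char *tls_wire, char *out, size_t cap) {
    struct stream s = { .read_fn = plain_read,
                        .plain = { plain_wire, 0 }, .tls = { tls_wire, 0 } };
    char cmd[64];
    out[0] = '\0';
    if (!read_command(&s, cmd, sizeof cmd) || strcmp(cmd, "STARTTLS") != 0)
        return 0;
    if (switch_to_tls(&s, p) != 0)
        return -1;
    return read_command(&s, out, cap);
}

/* Constructed sample input: the probe from the demonstration, and one
 * command that genuinely arrives inside the TLS session. */
static const char SAMPLE_PLAIN[] = "STARTTLS\r\nRSET\r\n";
static const char SAMPLE_TLS[] = "EHLO client.example\r\n";

int main(void) {
    static const char *names[] = { "swap read fn only", "discard buffer",
                                   "reject pipelined" };
    for (int p = SWAP_READ_FN_ONLY; p <= REJECT_PIPELINED; p++) {
        char out[64];
        int rc = first_command_after_starttls((enum switch_policy)p,
                     SAMPLE_PLAIN, SAMPLE_TLS, out, sizeof out);
        printf("%-18s rc=%2d first TLS-state command: \"%s\"\n",
               names[p], rc, out);
    }
    return 0;
}
```

With only the read function swapped, the first command processed in TLS state is the RSET that arrived in plaintext; with either fix it is the command from the TLS session, or the session is refused.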
-------------------------------------------------------------------------
Debian Security Advisory DSA-2233-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 10, 2011                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : postfix
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-2939 CVE-2011-0411 CVE-2011-1720

Several vulnerabilities were discovered in Postfix, a mail transfer agent. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-2939
    The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.

CVE-2011-1720
    A heap-based read-only buffer overflow allows malicious clients to crash the smtpd server process using a crafted SASL authentication request.

For the oldstable distribution (lenny), this problem has been fixed in version 2.5.5-1.1+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 2.7.1-1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 2.8.0-1.

We recommend that you upgrade your postfix packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Trust: 3.33

sources: NVD: CVE-2011-0411 // CERT/CC: VU#555316 // JVNDB: JVNDB-2011-001357 // BID: 46767 // VULHUB: VHN-48356 // VULMON: CVE-2011-0411 // PACKETSTORM: 100558 // PACKETSTORM: 107027 // PACKETSTORM: 99457 // PACKETSTORM: 99097 // PACKETSTORM: 99053 // PACKETSTORM: 101275

AFFECTED PRODUCTS

vendor: postfix | model: postfix | scope: eq | version: 2.4.3 | Trust: 1.6
vendor: postfix | model: postfix | scope: eq | version: 2.4.8 | Trust: 1.6
vendor: postfix | model: postfix | scope: eq | version: 2.4.1 | Trust: 1.6
vendor: postfix | model: postfix | scope: eq | version: 2.4.7 | Trust: 1.6
vendor: postfix | model: postfix | scope: eq | version: 2.4.5 | Trust: 1.6
vendor: postfix | model: postfix | scope: eq | version: 2.4.6 | Trust: 1.6
vendor: postfix | model: postfix | scope: eq | version: 2.4.4 | Trust: 1.6
vendor: postfix | model: postfix | scope: eq | version: 2.4.2 | Trust: 1.6
vendor: postfix | model: postfix | scope: eq | version: 2.4.0 | Trust: 1.6
vendor: postfix | model: postfix | scope: eq | version: 2.4 | Trust: 1.6
vendor: postfix | model: postfix | scope: eq | version: 2.5.4 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.4.15 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.5.11 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.4.13 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.5.3 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.4.11 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.6.5 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.5.6 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.5.1 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.5.5 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.6.3 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.5.8 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.7.2 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.7.1 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.5.0 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.4.12 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.5.9 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.6.2 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.6.7 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.4.14 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.6.8 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.4.9 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.5.7 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.5.10 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.6 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.6.4 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.6.0 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.7.0 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.4.10 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.6.1 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.5.2 | Trust: 1.0
vendor: postfix | model: postfix | scope: eq | version: 2.6.6 | Trust: 1.0
vendor: cyrus imap | model: - | scope: - | version: - | Trust: 0.8
vendor: debian gnu linux | model: - | scope: - | version: - | Trust: 0.8
vendor: ipswitch | model: - | scope: - | version: - | Trust: 0.8
vendor: kerio | model: - | scope: - | version: - | Trust: 0.8
vendor: postfix | model: - | scope: - | version: - | Trust: 0.8
vendor: qmail tls | model: - | scope: - | version: - | Trust: 0.8
vendor: red hat | model: - | scope: - | version: - | Trust: 0.8
vendor: sun microsystems | model: - | scope: - | version: - | Trust: 0.8
vendor: ubuntu | model: - | scope: - | version: - | Trust: 0.8
vendor: watchguard | model: - | scope: - | version: - | Trust: 0.8
vendor: proftpd | model: proftpd | scope: eq | version: 1.3.3 | Trust: 0.8
vendor: cybertrust | model: asianux server | scope: eq | version: 3 (x86) | Trust: 0.8
vendor: cybertrust | model: asianux server | scope: eq | version: 3 (x86-64) | Trust: 0.8
vendor: cybertrust | model: asianux server | scope: eq | version: 3.0 | Trust: 0.8
vendor: cybertrust | model: asianux server | scope: eq | version: 3.0 (x86-64) | Trust: 0.8
vendor: cybertrust | model: asianux server | scope: eq | version: 4.0 | Trust: 0.8
vendor: cybertrust | model: asianux server | scope: eq | version: 4.0 (x86-64) | Trust: 0.8
vendor: turbo linux | model: turbolinux appliance server | scope: eq | version: 3.0 | Trust: 0.8
vendor: turbo linux | model: turbolinux appliance server | scope: eq | version: 3.0 (x64) | Trust: 0.8
vendor: turbo linux | model: turbolinux client | scope: eq | version: 2008 and 12.5 | Trust: 0.8
vendor: turbo linux | model: turbolinux server | scope: eq | version: 11 | Trust: 0.8
vendor: turbo linux | model: turbolinux server | scope: eq | version: 11 (x64) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 4 (as) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 4 (es) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 4 (ws) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 4.8 (as) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 4.8 (es) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 5 (server) | Trust: 0.8
vendor: red hat | model: enterprise linux desktop | scope: eq | version: 4.0 | Trust: 0.8
vendor: red hat | model: enterprise linux desktop | scope: eq | version: 5.0 (client) | Trust: 0.8
vendor: red hat | model: enterprise linux desktop | scope: eq | version: 6 | Trust: 0.8
vendor: red hat | model: enterprise linux hpc node | scope: eq | version: 6 | Trust: 0.8
vendor: red hat | model: enterprise linux long life | scope: eq | version: (v. 5.6 server) | Trust: 0.8
vendor: red hat | model: enterprise linux server | scope: eq | version: 6 | Trust: 0.8
vendor: red hat | model: enterprise linux workstation | scope: eq | version: 6 | Trust: 0.8
vendor: debian | model: linux armel | scope: eq | version: 5.0 | Trust: 0.3
vendor: kolab | model: groupware server | scope: eq | version: 2.3.1 | Trust: 0.3
vendor: ipswitch | model: imail | scope: eq | version: 6.1 | Trust: 0.3
vendor: spamdyke | model: spamdyke | scope: ne | version: 4.2.1 | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 6.7.3 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6.7 | Trust: 0.3
vendor: cyrus | model: imap server | scope: eq | version: 2.4 | Trust: 0.3
vendor: wietse | model: venema postfix | scope: eq | version: 2.5.4 | Trust: 0.3
vendor: redhat | model: enterprise linux hpc node optional | scope: eq | version: 6 | Trust: 0.3
vendor: ipswitch | model: imail | scope: eq | version: 8.22 | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 5.7.0 | Trust: 0.3
vendor: debian | model: linux powerpc | scope: eq | version: 5.0 | Trust: 0.3
vendor: debian | model: linux hppa | scope: eq | version: 5.0 | Trust: 0.3
vendor: suse | model: linux enterprise sp3 | scope: eq | version: 10 | Trust: 0.3
vendor: kolab | model: groupware server 2.2-rc3 | scope: - | version: - | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 5.7.9 | Trust: 0.3
vendor: ipswitch | model: imail | scope: eq | version: 6.0.2 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6.6 | Trust: 0.3
vendor: ipswitch | model: imail | scope: eq | version: 8.01 | Trust: 0.3
vendor: wietse | model: venema postfix | scope: eq | version: 2.4.9 | Trust: 0.3
vendor: ipswitch | model: imail | scope: eq | version: 7.0.5 | Trust: 0.3
vendor: kolab | model: groupware server | scope: eq | version: 2.0.3 | Trust: 0.3
vendor: redhat | model: enterprise linux server | scope: eq | version: 6 | Trust: 0.3
vendor: wietse | model: venema postfix | scope: eq | version: 2.5.5 | Trust: 0.3
vendor: wietse | model: venema postfix | scope: eq | version: 2.1.5 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6.8 | Trust: 0.3
vendor: mandrakesoft | model: corporate server x86 64 | scope: eq | version: 4.0 | Trust: 0.3
vendor: redhat | model: enterprise linux server optional | scope: eq | version: 6 | Trust: 0.3
vendor: ipswitch | model: imail | scope: eq | version: 7.0.1 | Trust: 0.3
vendor: isc | model: inn | scope: eq | version: 2.3.2 | Trust: 0.3
vendor: ubuntu | model: linux lts powerpc | scope: eq | version: 6.06 | Trust: 0.3
vendor: wietse | model: venema postfix | scope: eq | version: 2.2.3 | Trust: 0.3
vendor: mandrakesoft | model: enterprise server | scope: eq | version: 5 | Trust: 0.3
vendor: pureftpd | model: pure-ftpd | scope: ne | version: 1.0.30 | Trust: 0.3
vendor: s u s e | model: opensuse | scope: eq | version: 11.3 | Trust: 0.3
vendor: ubuntu | model: linux lts | scope: eq | version: 10.04 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6.2 | Trust: 0.3
vendor: redhat | model: enterprise linux es | scope: eq | version: 4 | Trust: 0.3
vendor: avaya | model: messaging storage server | scope: eq | version: 5.0 | Trust: 0.3
vendor: redhat | model: enterprise linux desktop version | scope: eq | version: 4 | Trust: 0.3
vendor: ubuntu | model: linux lts amd64 | scope: eq | version: 8.04 | Trust: 0.3
vendor: redhat | model: enterprise linux workstation | scope: eq | version: 6 | Trust: 0.3
vendor: ubuntu | model: linux i386 | scope: eq | version: 10.10 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6.5 | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 6.6 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6.8 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6.4 | Trust: 0.3
vendor: wietse | model: venema postfix | scope: eq | version: 20011115 | Trust: 0.3
vendor: kolab | model: groupware server -rc2 | scope: eq | version: 2.2 | Trust: 0.3
vendor: ubuntu | model: linux lts powerpc | scope: eq | version: 8.04 | Trust: 0.3
vendor: kolab | model: groupware server | scope: eq | version: 2.2.3 | Trust: 0.3
vendor: redhat | model: enterprise linux desktop client | scope: eq | version: 5 | Trust: 0.3
vendor: ubuntu | model: linux amd64 | scope: eq | version: 10.04 | Trust: 0.3
vendor: ipswitch | model: imail | scope: eq | version: 8.11 | Trust: 0.3
vendor: sun | model: java system messaging server | scope: eq | version: 7.0 | Trust: 0.3
vendor: kerio | model: mailserver patch | scope: eq | version: 6.7.01 | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 6.2.2 | Trust: 0.3
vendor: ipswitch | model: imail | scope: eq | version: 5.0.8 | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 6.5 | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 5.7.1 | Trust: 0.3
vendor: debian | model: linux sparc | scope: eq | version: 5.0 | Trust: 0.3
vendor: pardus | model: linux | scope: eq | version: 20110 | Trust: 0.3
vendor: isc | model: inn | scope: eq | version: 2.5.2 | Trust: 0.3
vendor: ubuntu | model: linux lts i386 | scope: eq | version: 6.06 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6 | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 5.6.3 | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 5.7.3 | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 6.1.3 | Trust: 0.3
vendor: debian | model: linux amd64 | scope: eq | version: 4.0 | Trust: 0.3
vendor: ipswitch | model: imail hotfix | scope: eq | version: 8.22 | Trust: 0.3
vendor: s u s e | model: opensuse | scope: eq | version: 11.4 | Trust: 0.3
vendor: ipswitch | model: imail | scope: eq | version: 5.0.5 | Trust: 0.3
vendor: ipswitch | model: imail | scope: eq | version: 8.13 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6.1 | Trust: 0.3
vendor: redhat | model: enterprise linux workstation optional | scope: eq | version: 6 | Trust: 0.3
vendor: kerio | model: mailserver patch | scope: eq | version: 6.6.23 | Trust: 0.3
vendor: avaya | model: message networking | scope: eq | version: 5.2.2 | Trust: 0.3
vendor: suse | model: linux enterprise sp2 | scope: eq | version: 10 | Trust: 0.3
vendor: ubuntu | model: linux i386 | scope: eq | version: 10.04 | Trust: 0.3
vendor: pureftpd | model: pure-ftpd | scope: eq | version: 1.0.29 | Trust: 0.3
vendor: kolab | model: groupware server 2.1.beta3 | scope: - | version: - | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 5.0 | Trust: 0.3
vendor: ubuntu | model: linux lts sparc | scope: eq | version: 8.04 | Trust: 0.3
vendor: avaya | model: aura communication manager | scope: eq | version: 6.0 | Trust: 0.3
vendor: isc | model: inn | scope: eq | version: 2.3.3 | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 6.4.1 | Trust: 0.3
vendor: ipswitch | model: imail | scope: eq | version: 7.0.2 | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 6.0.3 | Trust: 0.3
vendor: ubuntu | model: linux lts amd64 | scope: eq | version: 6.06 | Trust: 0.3
vendor: kolab | model: groupware server | scope: ne | version: 2.3.2 | Trust: 0.3
vendor: isc | model: inn | scope: ne | version: 2.5.3 | Trust: 0.3
vendor: avaya | model: messaging storage server | scope: eq | version: 5.2.8 | Trust: 0.3
vendor: ubuntu | model: linux amd64 | scope: eq | version: 10.10 | Trust: 0.3
vendor: ubuntu | model: linux lts i386 | scope: eq | version: 8.04 | Trust: 0.3
vendor: ipswitch | model: imail | scope: eq | version: 7.0.3 | Trust: 0.3
vendor: wietse | model: venema postfix | scope: eq | version: 2.4.8 | Trust: 0.3
vendor: spamdyke | model: spamdyke | scope: eq | version: 4.2 | Trust: 0.3
vendor: mandriva | model: linux mandrake | scope: eq | version: 2009.0 | Trust: 0.3
vendor: kerio | model: mailserver patch | scope: eq | version: 6.1.31 | Trust: 0.3
vendor: ubuntu | model: linux | scope: eq | version: 9.10 | Trust: 0.3
vendor: avaya | model: messaging storage server | scope: eq | version: 5.1 | Trust: 0.3
vendor: wietse | model: venema postfix | scope: eq | version: 2.1 | Trust: 0.3
vendor: avaya | model: messaging storage server sp2 | scope: eq | version: 5.2 | Trust: 0.3
vendor: kerio | model: mailserver | scope: eq | version: 6.0.4 | Trust: 0.3
vendor: avaya | model: messaging storage server sp1 | scope: eq | version: 5.1 | Trust: 0.3
vendor: wietse | model: venema postfix | scope: eq | version: 1.1.13 | Trust: 0.3
vendor: wietse | model: venema postfix | scope: eq | version: 19991231 | Trust: 0.3
vendor: debian | model: linux alpha | scope: eq | version: 4.0 | Trust: 0.3
vendor: debian | model: linux ia-32 | scope: eq | version: 4.0

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:4.0

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:6.4

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.1

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:8.0.3

Trust: 0.3

vendor:cyrusmodel:imap serverscope:neversion:2.4.7

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.10

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:6.7

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:6.6.1

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:6.3.1

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.10

Trust: 0.3

vendor:keriomodel:connect buildscope:eqversion:7.1.42985

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:kolabmodel:groupware serverscope:eqversion:2.2

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:7.12

Trust: 0.3

vendor:susemodel:linux enterprise sp4scope:eqversion:10

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:6.6.2

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:6.4.2

Trust: 0.3

vendor:kolabmodel:groupware serverscope:eqversion:2.1

Trust: 0.3

vendor:kolabmodel:groupware server 2.1beta2scope: - version: -

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:8.0.5

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.10

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:wietsemodel:venema postfixscope:eqversion:2.6-20080902

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:5.0.6

Trust: 0.3

vendor:susemodel:linux enterprise sp1scope:eqversion:11

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:4.0

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:5.7.2

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:6.0.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.6

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:scomodel:scooffice serverscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:6.0.9

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:8.20

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:7.0.4

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.7

Trust: 0.3

vendor:iscmodel:innscope:eqversion:2.3.1

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:6.0.3

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:5.1

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:4.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.10

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:8.2

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:3.1

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:8.1

Trust: 0.3

vendor:kolabmodel:groupware serverscope:eqversion:2.2.2

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:wietsemodel:venema postfixscope:eqversion:2.1.3

Trust: 0.3

vendor:wietsemodel:venema postfixscope:eqversion:1.1.12

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.10

Trust: 0.3

vendor:wietsemodel:venema postfixscope:eqversion:2.2.4

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:wietsemodel:venema postfixscope:eqversion:1.1.11

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:6.0.4

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:watchguardmodel:xcsscope:eqversion:9.1

Trust: 0.3

vendor:qmail smtpd authmodel:netqmailscope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:iscmodel:innscope:eqversion:2.4.0

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:8.14

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.10

Trust: 0.3

vendor:iscmodel:innscope:eqversion:2.4.1

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:7.0.7

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:6.0.6

Trust: 0.3

vendor:wietsemodel:venema postfixscope:eqversion:1.0.21

Trust: 0.3

vendor:wietsemodel:venema postfixscope:eqversion:2.0

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:6.0.1

Trust: 0.3

vendor:kolabmodel:groupware serverscope:eqversion:2.2.4

Trust: 0.3

vendor:sunmodel:java system messaging serverscope:eqversion:6.3

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:4.0

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:6.0.5

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:9

Trust: 0.3

vendor:kolabmodel:groupware server 2.2-rc1scope: - version: -

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:5.7.10

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:5.6.5

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:5.7.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:message networking sp1scope:eqversion:5.2

Trust: 0.3

vendor:wietsemodel:venema postfixscope:eqversion:2.8

Trust: 0.3

vendor:kolabmodel:groupware server beta3scope:eqversion:2.2

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:iscmodel:innscope:eqversion:2.3

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:4.0

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:6.3

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:6.0.10

Trust: 0.3

vendor:wietsemodel:venema postfixscope:eqversion:2.6

Trust: 0.3

vendor:wietsemodel:venema postfixscope:eqversion:20010228

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:5.6.4

Trust: 0.3

vendor:kolabmodel:groupware serverscope:eqversion:2.0.2

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:5.1.1

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:4.0

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:0

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:7.1

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.2

Trust: 0.3

vendor:ipswitchmodel:imail hotfixscope:eqversion:8.151

Trust: 0.3

vendor:cyrusmodel:imap serverscope:eqversion:2.4.6

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:6.0.2

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:2006.2

Trust: 0.3

vendor:ietfmodel:starttlsscope:eqversion:0

Trust: 0.3

vendor:keriomodel:mailserver buildscope:eqversion:6.6.17069

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:7.0

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:5.0.7

Trust: 0.3

vendor:pardusmodel:linuxscope:eqversion:20090

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.2

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:6.0.1

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp3scope:eqversion:5.2

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:kolabmodel:groupware server beta1scope:eqversion:2.2

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:5.7.5

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:6.2

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:wietsemodel:venema postfix patchlevelscope:eqversion:2.5.44

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.2

Trust: 0.3

vendor:ipswitchmodel:imailscope:eqversion:7.0.6

Trust: 0.3

vendor:kolabmodel:groupware serverscope:eqversion:2.0.1

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:5.7.4

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:5.7.7

Trust: 0.3

vendor:kolabmodel:groupware serverscope:eqversion:2.0.4

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:wietsemodel:venema postfixscope:eqversion:2.2.10

Trust: 0.3

vendor:wietsemodel:venema postfixscope:eqversion:19990906

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:9.10

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.1

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:4.0

Trust: 0.3

vendor:keriomodel:mailserverscope:eqversion:5.7.6

Trust: 0.3

vendor:watchguardmodel:xcsscope:eqversion:9.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

sources: CERT/CC: VU#555316 // BID: 46767 // JVNDB: JVNDB-2011-001357 // CNNVD: CNNVD-201103-213 // NVD: CVE-2011-0411

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-0411
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#555316
value: 1.39

Trust: 0.8

NVD: CVE-2011-0411
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201103-213
value: MEDIUM

Trust: 0.6

VULHUB: VHN-48356
value: MEDIUM

Trust: 0.1

VULMON: CVE-2011-0411
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-0411
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-48356
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#555316 // VULHUB: VHN-48356 // VULMON: CVE-2011-0411 // JVNDB: JVNDB-2011-001357 // CNNVD: CNNVD-201103-213 // NVD: CVE-2011-0411

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-48356 // JVNDB: JVNDB-2011-001357 // NVD: CVE-2011-0411

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 107027 // CNNVD: CNNVD-201103-213

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201103-213

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001357

PATCH

title:postfix-2.3.3-2.10.AXS3url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1399

Trust: 0.8

title:2211url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2211

Trust: 0.8

title:2212url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2212

Trust: 0.8

title:3624url:http://bugs.proftpd.org/show_bug.cgi?id=3624

Trust: 0.8

title:NEWS-1.3.3eurl:http://www.proftpd.org/docs/NEWS-1.3.3e

Trust: 0.8

title:NEWS-1.3.4rc2url:http://www.proftpd.org/docs/NEWS-1.3.4rc2

Trust: 0.8

title:RHSA-2011:0422url:https://rhn.redhat.com/errata/RHSA-2011-0422.html

Trust: 0.8

title:RHSA-2011:0423url:https://rhn.redhat.com/errata/RHSA-2011-0423.html

Trust: 0.8

title:TLSA-2011-13url:http://www.turbolinux.co.jp/security/2011/TLSA-2011-13j.txt

Trust: 0.8

title:TLSA-2013-4url:http://www.turbolinux.co.jp/security/2013/TLSA-2013-4j.html

Trust: 0.8

title:Remediation measures for the Postfix STARTTLS plaintext command injection vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159437

Trust: 0.6

title:Debian CVElist Bug Report Logs: postfix STARTTLS affected by CVE-2011-0411url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=74282b8fe400ed6ddbb6171a1052e2fd

Trust: 0.1

title:Debian CVElist Bug Report Logs: [CVE-2011-4130] Use-after-free issueurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f7453f9ff437afb706c192fb10d67eb2

Trust: 0.1

title:Debian CVElist Bug Report Logs: inn: CVE-2012-3523 prone to STARTTLS plaintext command injectionurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a774850c70017348487727b907fda84b

Trust: 0.1

title:Debian CVElist Bug Report Logs: courier: CVE-2021-38084url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=9dc8ffd76b724b58108eb46bc913121c

Trust: 0.1

title:Debian CVElist Bug Report Logs: STARTTLS plaintext command injectionurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=b03b4eab65949f1c915b1538f80e6a4b

Trust: 0.1

title:Ubuntu Security Notice: postfix vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1113-1

Trust: 0.1

title:Debian Security Advisories: DSA-2346-2 proftpd-dfsg -- several vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a1db5959643fcc6f1957a67359aa92ed

Trust: 0.1

title:Debian Security Advisories: DSA-2233-1 postfix -- several vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=96aadd3bb66ec0adb18615b395c09544

Trust: 0.1

title:Visionurl:https://github.com/CoolerVoid/Vision

Trust: 0.1

title:Vision2url:https://github.com/CoolerVoid/Vision2

Trust: 0.1

sources: VULMON: CVE-2011-0411 // JVNDB: JVNDB-2011-001357 // CNNVD: CNNVD-201103-213

EXTERNAL IDS

db:CERT/CCid:VU#555316

Trust: 3.8

db:NVDid:CVE-2011-0411

Trust: 3.5

db:BIDid:46767

Trust: 2.9

db:SECUNIAid:43646

Trust: 2.8

db:VUPENid:ADV-2011-0611

Trust: 2.6

db:SECTRACKid:1025179

Trust: 2.6

db:SECUNIAid:43874

Trust: 1.8

db:VUPENid:ADV-2011-0891

Trust: 1.8

db:VUPENid:ADV-2011-0752

Trust: 1.8

db:OSVDBid:71021

Trust: 1.8

db:JUNIPERid:JSA10705

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2021/08/10/2

Trust: 1.1

db:XFid:65932

Trust: 0.8

db:JVNDBid:JVNDB-2011-001357

Trust: 0.8

db:CNNVDid:CNNVD-201103-213

Trust: 0.7

db:PACKETSTORMid:99457

Trust: 0.2

db:PACKETSTORMid:107027

Trust: 0.2

db:PACKETSTORMid:99053

Trust: 0.2

db:PACKETSTORMid:114177

Trust: 0.1

db:PACKETSTORMid:99392

Trust: 0.1

db:VULHUBid:VHN-48356

Trust: 0.1

db:VULMONid:CVE-2011-0411

Trust: 0.1

db:PACKETSTORMid:100558

Trust: 0.1

db:PACKETSTORMid:99097

Trust: 0.1

db:PACKETSTORMid:101275

Trust: 0.1

sources: CERT/CC: VU#555316 // VULHUB: VHN-48356 // VULMON: CVE-2011-0411 // BID: 46767 // JVNDB: JVNDB-2011-001357 // PACKETSTORM: 100558 // PACKETSTORM: 107027 // PACKETSTORM: 99457 // PACKETSTORM: 99097 // PACKETSTORM: 99053 // PACKETSTORM: 101275 // CNNVD: CNNVD-201103-213 // NVD: CVE-2011-0411

REFERENCES

url:http://www.kb.cert.org/vuls/id/555316

Trust: 3.1

url:http://www.securityfocus.com/bid/46767

Trust: 2.6

url:http://securitytracker.com/id?1025179

Trust: 2.6

url:http://secunia.com/advisories/43646

Trust: 2.6

url:http://www.vupen.com/english/advisories/2011/0611

Trust: 2.6

url:http://www.postfix.org/cve-2011-0411.html

Trust: 2.4

url:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Trust: 2.1

url:http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html

Trust: 1.8

url:http://support.apple.com/kb/ht5002

Trust: 1.8

url:http://www.kb.cert.org/vuls/id/moro-8elh6z

Trust: 1.8

url:http://www.debian.org/security/2011/dsa-2233

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056560.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056559.html

Trust: 1.8

url:http://security.gentoo.org/glsa/glsa-201206-33.xml

Trust: 1.8

url:http://www.osvdb.org/71021

Trust: 1.8

url:http://www.redhat.com/support/errata/rhsa-2011-0422.html

Trust: 1.8

url:http://www.redhat.com/support/errata/rhsa-2011-0423.html

Trust: 1.8

url:http://secunia.com/advisories/43874

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

Trust: 1.8

url:http://www.vupen.com/english/advisories/2011/0752

Trust: 1.8

url:http://www.vupen.com/english/advisories/2011/0891

Trust: 1.8

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/65932

Trust: 1.8

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10705

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/08/10/2

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0411

Trust: 0.9

url:http://tools.ietf.org/html/rfc2595

Trust: 0.8

url:http://tools.ietf.org/html/rfc3207

Trust: 0.8

url:http://tools.ietf.org/html/rfc4642

Trust: 0.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=674814

Trust: 0.8

url:http://www.watchguard.com/archive/softwarecenter.asp

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/65932

Trust: 0.8

url:http://jvn.jp/cert/jvnvu555316

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0411

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2011-0411

Trust: 0.5

url:http://kolab.org/pipermail/kolab-announce/2011/000101.html

Trust: 0.3

url:http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424

Trust: 0.3

url:http://cyrusimap.org/mediawiki/index.php/bugs_resolved_in_2.4.7

Trust: 0.3

url:https://www.isc.org/software/inn/2.5.3article

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/mapg-8d9m4p

Trust: 0.3

url:http://files.kolab.org/server/release/kolab-server-2.3.2/sources/release-notes.txt

Trust: 0.3

url:http://www.pureftpd.org/project/pure-ftpd/news

Trust: 0.3

url:http://www.watchguard.com/support/release-notes/xcs/9/en-us/en_releasenotes_xcs_9_1_1/en_releasenotes_wg_xcs_9_1_tls_hotfix.pdf

Trust: 0.3

url:http://www.spamdyke.org/documentation/changelog.txt

Trust: 0.3

url:http://datatracker.ietf.org/doc/draft-josefsson-kerberos5-starttls/?include_text=1

Trust: 0.3

url:/archive/1/516901

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100134676

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100141041

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=850478

Trust: 0.3

url:http://inoa.net/qmail-tls/vu555316.patch

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2009-2939

Trust: 0.2

url:http://secunia.com/

Trust: 0.2

url:http://www.debian.org/security/faq

Trust: 0.2

url:http://www.debian.org/security/

Trust: 0.2

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.2

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10705

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617849

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=22617

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/1113-1/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4130

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://store.mandriva.com/product_info.php?cpath=149&products_id=490

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:http://secunia.com/advisories/43646/#comments

Trust: 0.1

url:http://secunia.com/products/corporate/vim/section_179/

Trust: 0.1

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://secunia.com/advisories/43646/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=43646

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1720

Trust: 0.1

sources: CERT/CC: VU#555316 // VULHUB: VHN-48356 // VULMON: CVE-2011-0411 // BID: 46767 // JVNDB: JVNDB-2011-001357 // PACKETSTORM: 100558 // PACKETSTORM: 107027 // PACKETSTORM: 99457 // PACKETSTORM: 99097 // PACKETSTORM: 99053 // PACKETSTORM: 101275 // CNNVD: CNNVD-201103-213 // NVD: CVE-2011-0411

CREDITS

Wietse Venema

Trust: 0.4

sources: BID: 46767 // PACKETSTORM: 99053

SOURCES

db:CERT/CCid:VU#555316
db:VULHUBid:VHN-48356
db:VULMONid:CVE-2011-0411
db:BIDid:46767
db:JVNDBid:JVNDB-2011-001357
db:PACKETSTORMid:100558
db:PACKETSTORMid:107027
db:PACKETSTORMid:99457
db:PACKETSTORMid:99097
db:PACKETSTORMid:99053
db:PACKETSTORMid:101275
db:CNNVDid:CNNVD-201103-213
db:NVDid:CVE-2011-0411

LAST UPDATE DATE

2024-12-25T20:07:53.856000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#555316date:2011-09-08T00:00:00
db:VULHUBid:VHN-48356date:2017-08-17T00:00:00
db:VULMONid:CVE-2011-0411date:2021-08-10T00:00:00
db:BIDid:46767date:2015-04-13T21:35:00
db:JVNDBid:JVNDB-2011-001357date:2013-08-09T00:00:00
db:CNNVDid:CNNVD-201103-213date:2021-08-11T00:00:00
db:NVDid:CVE-2011-0411date:2024-11-21T01:23:54.933

SOURCES RELEASE DATE

db:CERT/CCid:VU#555316date:2011-03-07T00:00:00
db:VULHUBid:VHN-48356date:2011-03-16T00:00:00
db:VULMONid:CVE-2011-0411date:2011-03-16T00:00:00
db:BIDid:46767date:2011-03-07T00:00:00
db:JVNDBid:JVNDB-2011-001357date:2011-04-05T00:00:00
db:PACKETSTORMid:100558date:2011-04-18T22:40:46
db:PACKETSTORMid:107027date:2011-11-16T04:40:08
db:PACKETSTORMid:99457date:2011-03-18T21:45:06
db:PACKETSTORMid:99097date:2011-03-09T06:30:30
db:PACKETSTORMid:99053date:2011-03-07T19:44:44
db:PACKETSTORMid:101275date:2011-05-10T18:42:48
db:CNNVDid:CNNVD-201103-213date:2011-03-17T00:00:00
db:NVDid:CVE-2011-0411date:2011-03-16T22:55:02.717