Scientific Linux 6.x Moderate Advisory: Postfix TLS Issue Threat

Apr 07, 2011 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory moderate postfix scientific linux mail theft TLS command injection

Moderate: postfix security update

Date: Thu, 7 Apr 2011 10:50:59 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux

From: Troy Dawson 
Subject: Security ERRATA Moderate: postfix on SL6.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."

MIME-Version: 1.0

Synopsis:	Moderate: postfix security update
Issue date:	2011-04-06
CVE Names:	CVE-2011-0411

It was discovered that Postfix did not flush the received SMTP commands
buffer after switching to TLS encryption for an SMTP session. A
man-in-the-middle attacker could use this flaw to inject SMTP commands
into a victim's session during the plain text phase. This would lead to
those commands being processed by Postfix after TLS encryption is
enabled, possibly allowing the attacker to steal the victim's mail or
authentication credentials. (CVE-2011-0411)

After installing this update, the postfix service will be restarted
automatically.

SL 6.x

 SRPMS:
postfix-2.6.6-2.1.el6_0.src.rpm
 i386:
postfix-2.6.6-2.1.el6_0.i686.rpm
postfix-perl-scripts-2.6.6-2.1.el6_0.i686.rpm
 x86_64:
postfix-2.6.6-2.1.el6_0.x86_64.rpm
postfix-perl-scripts-2.6.6-2.1.el6_0.x86_64.rpm

- Scientific Linux Development Team

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here