This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Postfix | First view | 2011-03-16 |
| Product | Postfix | Last view | 2023-12-24 |
| Version | 2.4.15 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:postfix:postfix | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.3 | 2023-12-24 | CVE-2023-51764 | Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports |
| 7.8 | 2018-04-16 | CVE-2017-10140 | Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory. |
| 6.8 | 2011-05-13 | CVE-2011-1720 | The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method. |
| 6.8 | 2011-03-16 | CVE-2011-0411 | The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-345 | Insufficient Verification of Data Authenticity |
| 33% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 33% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 72259 | Postfix SMTP Cyrus SASL Authentication Context Data Reuse Memory Corruption |
| 72186 | Cyrus IMAP Server STARTTLS Arbitrary Plaintext Command Injection |
| 71946 | Oracle Sun Java System Messaging Server SMTP Server / IMAP Server / POP Serve... |
| 71021 | Postfix STARTTLS Arbitrary Plaintext Command Injection |
OpenVAS Exploits
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2012-10-03 | Name : Mandriva Update for inn MDVSA-2012:156 (inn) File : nvt/gb_mandriva_MDVSA_2012_156.nasl |
| 2012-08-30 | Name : FreeBSD Ports: inn File : nvt/freebsd_inn0.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-33 (Postfix) File : nvt/glsa_201206_33.nasl |
| 2012-07-30 | Name : CentOS Update for postfix CESA-2011:0843 centos5 x86_64 File : nvt/gb_CESA-2011_0843_postfix_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for postfix CESA-2011:0843 centos4 x86_64 File : nvt/gb_CESA-2011_0843_postfix_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for postfix CESA-2011:0422 centos4 x86_64 File : nvt/gb_CESA-2011_0422_postfix_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for postfix CESA-2011:0422 centos5 x86_64 File : nvt/gb_CESA-2011_0422_postfix_centos5_x86_64.nasl |
| 2012-06-06 | Name : RedHat Update for postfix RHSA-2011:0423-01 File : nvt/gb_RHSA-2011_0423-01_postfix.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2346-1 (proftpd-dfsg) File : nvt/deb_2346_1.nasl |
| 2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
| 2011-08-09 | Name : CentOS Update for postfix CESA-2011:0422 centos5 i386 File : nvt/gb_CESA-2011_0422_postfix_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for postfix CESA-2011:0843 centos5 i386 File : nvt/gb_CESA-2011_0843_postfix_centos5_i386.nasl |
| 2011-08-03 | Name : FreeBSD Ports: pure-ftpd File : nvt/freebsd_pure-ftpd.nasl |
| 2011-08-03 | Name : Debian Security Advisory DSA 2233-1 (postfix) File : nvt/deb_2233_1.nasl |
| 2011-08-03 | Name : FreeBSD Ports: postfix, postfix-base File : nvt/freebsd_postfix0.nasl |
| 2011-06-06 | Name : CentOS Update for postfix CESA-2011:0843 centos4 i386 File : nvt/gb_CESA-2011_0843_postfix_centos4_i386.nasl |
| 2011-06-06 | Name : RedHat Update for postfix RHSA-2011:0843-01 File : nvt/gb_RHSA-2011_0843-01_postfix.nasl |
| 2011-06-03 | Name : Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd) File : nvt/gb_mandriva_MDVSA_2011_100.nasl |
| 2011-05-26 | Name : Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability File : nvt/secpod_postfix_cyrus_sasl_memory_corruption_vuln.nasl |
| 2011-05-23 | Name : Fedora Update for postfix FEDORA-2011-6771 File : nvt/gb_fedora_2011_6771_postfix_fc14.nasl |
| 2011-05-23 | Name : Fedora Update for postfix FEDORA-2011-6777 File : nvt/gb_fedora_2011_6777_postfix_fc13.nasl |
| 2011-05-23 | Name : Mandriva Update for postfix MDVSA-2011:090 (postfix) File : nvt/gb_mandriva_MDVSA_2011_090.nasl |
| 2011-05-17 | Name : Ubuntu Update for postfix USN-1131-1 File : nvt/gb_ubuntu_USN_1131_1.nasl |
| 2011-05-12 | Name : FreeBSD Ports: postfix, postfix-base File : nvt/freebsd_postfix.nasl |
| 2011-05-10 | Name : Ubuntu Update for postfix USN-1113-1 File : nvt/gb_ubuntu_USN_1113_1.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption RuleID : 19708 - Type : SERVER-MAIL - Revision : 12 |
Nessus® Vulnerability Scanner
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2018-07-03 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1205.nasl - Type: ACT_GATHER_INFO |
| 2018-07-03 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1204.nasl - Type: ACT_GATHER_INFO |
| 2017-11-22 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3489-1.nasl - Type: ACT_GATHER_INFO |
| 2017-10-19 | Name: The remote Debian host is missing a security update. File: debian_DLA-1137.nasl - Type: ACT_GATHER_INFO |
| 2017-10-19 | Name: The remote Debian host is missing a security update. File: debian_DLA-1136.nasl - Type: ACT_GATHER_INFO |
| 2017-10-19 | Name: The remote Debian host is missing a security update. File: debian_DLA-1135.nasl - Type: ACT_GATHER_INFO |
| 2017-10-03 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_13.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_postfix-110510.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_postfix-110318.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_pure-ftpd-110412.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_postfix-110330.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_pure-ftpd-110412.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_postfix-110510.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2011-0859.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2011-0843.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2011-0423.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2011-0422.nasl - Type: ACT_GATHER_INFO |
| 2012-10-03 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2012-156.nasl - Type: ACT_GATHER_INFO |
| 2012-08-27 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_a7975581ee2611e18bd80022156e8794.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20110531_postfix_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20110406_postfix_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20110406_postfix_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
| 2012-06-26 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201206-33.nasl - Type: ACT_GATHER_INFO |
| 2011-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_pure-ftpd-7480.nasl - Type: ACT_GATHER_INFO |
| 2011-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_postfix-7502.nasl - Type: ACT_GATHER_INFO |
