Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Postfix STARTTLS实现明文命令注入漏洞
Vulnerability Description
Postfix是Unix类操作系统中所使用的邮件传输代理。 Postfix 2.4.16之前的2.4.x版本,2.5.12之前的2.5.x版本,2.6.9之前的2.6.x版本,以及2.7.3之前的2.7.x版本中的STARTTLS实现没有正确限制I/O缓冲作用。中间人攻击者可以通过发送明文命令(在TLS就位后得到处理),向加密的SMTP会话注入任意命令。
CVSS Information
N/A
Vulnerability Type
N/A