Plaintext injection in multiple implementations of STARTTLS

Mark Martinec Mark.Martinec+amavis at ijs.si
Tue Mar 8 11:05:38 CET 2011


For those wondering about CVE-2011-0411 / VU#555316 status:

  http://marc.info/?l=postfix-users&m=129952854117623
  http://www.kb.cert.org/vuls/id/555316

Amavisd-new is NOT AFFECTED by this vulnerability,
even when TLS is used ($tls_security_level_in).

Versions 2.6.4 and earlier do not use a stream and do not
buffer SMTP data at this level. Switching to TLS replaces
the I/O methods.

Version 2.7.0(-pre*) does use buffering at the application
level of transport, but properly discards any buffered
leftovers (pipelining violations) when switching to TLS
after a STARTTLS command.

  Mark
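
A toy model of the buffering behaviour described in the message above, added here as an illustration; it is not amavisd-new code and not part of the original post. The class, function names and sample bytes are constructed, and the TLS handshake itself is not modelled (only the moment the session state flips).

```python
class SmtpSession:
    """Toy SMTP command reader with an application-level receive buffer."""

    def __init__(self, discard_on_starttls):
        self.discard_on_starttls = discard_on_starttls
        self.buf = b""
        self.tls_active = False
        self.discarded = b""
        self.handled = []  # (command, tls_active at the time it was handled)

    def receive(self, data):
        """Append bytes read from the transport and handle complete lines."""
        self.buf += data
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            cmd = line.decode("ascii", "replace")
            self.handled.append((cmd, self.tls_active))
            if cmd.upper() == "STARTTLS" and not self.tls_active:
                self._switch_to_tls()

    def _switch_to_tls(self):
        # Whatever is still buffered arrived in plaintext before the
        # handshake: a pipelining violation that must not survive the switch.
        if self.discard_on_starttls:
            self.discarded, self.buf = self.buf, b""
        self.tls_active = True


def plaintext_handled_as_tls(session, plaintext_segment):
    """Feed one plaintext segment; return commands handled as TLS-protected."""
    session.receive(plaintext_segment)
    return [cmd for cmd, tls in session.handled if tls]


# Constructed sample: bytes that all arrive before any TLS handshake.
SEGMENT = b"EHLO client.example\r\nSTARTTLS\r\nRSET\r\n"

if __name__ == "__main__":
    for discard in (False, True):
        s = SmtpSession(discard_on_starttls=discard)
        leaked = plaintext_handled_as_tls(s, SEGMENT)
        print(f"discard={discard} leaked={leaked} discarded={s.discarded!r}")
```
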

