Rapid7 Vulnerability & Exploit Database

RHSA-2011:0422: postfix security update

Back to Search

RHSA-2011:0422: postfix security update



Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),and TLS.It was discovered that Postfix did not flush the received SMTP commandsbuffer after switching to TLS encryption for an SMTP session. Aman-in-the-middle attacker could use this flaw to inject SMTP commands intoa victim's session during the plain text phase. This would lead to thosecommands being processed by Postfix after TLS encryption is enabled,possibly allowing the attacker to steal the victim's mail or authenticationcredentials. (CVE-2011-0411)It was discovered that Postfix did not properly check the permissions ofusers' mailbox files. A local attacker able to create files in the mailspool directory could use this flaw to create mailbox files for other localusers, and be able to read mail delivered to those users. (CVE-2008-2937)Red Hat would like to thank the CERT/CC for reporting CVE-2011-0411, andSebastian Krahmer of the SuSE Security Team for reporting CVE-2008-2937.The CERT/CC acknowledges Wietse Venema as the original reporter ofCVE-2011-0411.Users of Postfix are advised to upgrade to these updated packages, whichcontain backported patches to resolve these issues. After installing thisupdate, the postfix service will be restarted automatically.


  • redhat-upgrade-postfix
  • redhat-upgrade-postfix-pflogsumm

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center