It was found that Postfix, a Mail Transport Agent (MTA), recognized SMTP commands during the plaintext to TLS session switch (by TLS protocol initialization). A remote attacker could use this flaw to insert plaintext SMTP protocol commands into TLS protocol initialization messages, leading to SMTP command execution during the ciphertext protocol phase, allowing the attacker to steal user credentials and conduct man-in-the-middle (MITM) attacks. References: [1] http://www.kb.cert.org/vuls/id/555316 (not public yet)
This issue affects the versions of the postfix package, as shipped with Red Hat Enterprise Linux 4, 5, and 6. -- This issue affects the versions of the postfix package, as shipped with Fedora release of 13 and 14.
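The buffering defect described above, as an added illustration that is not part of this bug report or of Postfix: a simulated SMTP server that reads a whole network segment into an application buffer before acting on STARTTLS. The class and function names are assumptions for this example, and the TLS handshake is stood in for by a state flag; the point is what happens to bytes the server has already read from the socket when it switches to TLS, and why the fix is to discard that buffer.

```python
# Constructed network reads: the first arrives in plaintext as one segment,
# the second represents data received after the TLS handshake.
SAMPLE_READS = [
    b"EHLO example.test\r\nSTARTTLS\r\nRSET\r\n",   # plaintext segment
    b"MAIL FROM:<a@example.test>\r\n",               # received over TLS
]


class SmtpSession:
    """Minimal SMTP server session model (example code, not Postfix)."""

    def __init__(self, flush_on_starttls):
        self.flush_on_starttls = flush_on_starttls
        self.encrypted = False
        self.buf = b""          # application-level input buffer
        self.executed = []      # (phase, verb) in the order commands ran

    def feed(self, data):
        """One network read: buffer everything, then run complete lines."""
        self.buf += data
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            parts = line.decode("ascii", "replace").split()
            if parts:
                self._execute(parts[0].upper())

    def _execute(self, verb):
        phase = "tls" if self.encrypted else "plain"
        self.executed.append((phase, verb))
        if verb == "STARTTLS" and not self.encrypted:
            if self.flush_on_starttls:
                # Fixed behaviour: drop plaintext already read from the socket
                # so it cannot run as though it had arrived over TLS.
                self.buf = b""
            self.encrypted = True   # stands in for the real TLS handshake


def run_session(flush_on_starttls, reads=SAMPLE_READS):
    """Feed the reads to a session and return the commands that ran."""
    session = SmtpSession(flush_on_starttls)
    for chunk in reads:
        session.feed(chunk)
    return session.executed


if __name__ == "__main__":
    print("vulnerable:", run_session(False))   # RSET runs in the tls phase
    print("fixed:     ", run_session(True))    # RSET is discarded
```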
This is public now: http://www.kb.cert.org/vuls/id/555316 It indicates that Postfix 2.7.3, 2.6.9, 2.5.12, and 2.4.16 have been released to correct the flaw. Postfix 2.8 and 2.9 are not affected. http://www.postfix.org/announcements/postfix-2.7.3.html
Other postfix-related references: http://www.kb.cert.org/vuls/id/MORO-8ELH6Z http://www.postfix.org/announcements/postfix-2.7.3.html http://www.postfix.org/CVE-2011-0411.html (not yet available)
This issue did NOT affect the versions of the exim package, as shipped with Red Hat Enterprise Linux 4 and 5. -- This issue did NOT affect the versions of the exim package, as present within EPEL-6 repository. -- This issue did NOT affect the versions of the exim package, as shipped with Fedora release of 13 and 14.
This issue did NOT affect the versions of the sendmail package, as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6. -- This issue did NOT affect the versions of the sendmail package, as shipped with Fedora release of 13 and 14.
Created postfix tracking bugs for this issue Affects: fedora-all [bug 683168]
This issue affects more than just MTAs. See bug #683221 for a similar flaw in pure-ftpd.
Statement: This issue affected postfix packages in Red Hat Enterprise Linux 4, 5, and 6. It was corrected via RHSA-2011:0422 and RHSA-2011:0423. This issue did not affect the versions of sendmail as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, and the versions of exim as shipped with Red Hat Enterprise Linux 4 and 5.
This issue has been addressed in the following products: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4. Via RHSA-2011:0422 https://rhn.redhat.com/errata/RHSA-2011-0422.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6. Via RHSA-2011:0423 https://rhn.redhat.com/errata/RHSA-2011-0423.html
Acknowledgements: Red Hat would like to thank the CERT/CC for reporting CVE-2011-0411. The CERT/CC acknowledges Wietse Venema as the original reporter.