Red Hat, Inc. Information for VU#555316
STARTTLS plaintext command injection vulnerability
Vulnerable. This issue affects postfix packages in Red Hat Enterprise
Linux 4, 5, and 6. The Red Hat Security Response Team has rated this
issue as having moderate security impact, a future update will address
This issue did not affect the versions of the sendmail package as shipped
with Red Hat Enterprise Linux 3, 4, 5, or 6, as Sendmail by switching to
SMTP over TLS replaces the entire received SMTP commands stream, along
with its read/write buffers and read/write functions.
This issue did not affect the versions of the exim package as shipped
with Red Hat Enterprise Linux 4 and 5, as Exim by switching to SMTP over
TLS replaces plaintext read/write functions with TLS read/write functions.
Red Hat has released updated postfix packages, for:
Red Hat Enterprise Linux 4 and 5:
Red Hat Enterprise Linux 6: