It was observed that the remote mail service allows plaintext command injection while negotiating an encrypted communications channel: the following responses were received for the respective commands, which were sent in a single packet:
nessus1 STARTTLS\r\nessus2 CAPABILITY\r\n
The following two responses were received.
nessus1 OK begin TLS negotiation now
nessus2 OK CAPABILITY completed
+OK Begin TLS negotiation
+OK Capability list follows
Their recommendation is the following:
It is recommended to contact the vendor and check for an update, considering the following:
- The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a clear text command that is processed after TLS is in place, related to a "plaintext command injection" attack.
- Also, Postfix stable release 2.10.0 is available. As of now, Postfix 2.6 is no longer updated.
Are there any resolutions for this?
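As an added illustration, not code from the original post or from Postfix, here is a small in-memory model of the I/O-buffering behaviour the recommendation describes, with the vulnerable and the fixed handling side by side. The function names and the post-handshake client command (`a1 NOOP`) are assumptions; the pipelined scanner packet is the one quoted above.

```python
# Added example, not from the original post: a minimal in-memory model of
# the STARTTLS I/O-buffering bug. All names here are hypothetical.

def _lines(data: bytes):
    """Split CRLF-terminated wire data into decoded command lines."""
    return [raw.decode("ascii", "replace") for raw in data.split(b"\r\n") if raw]


def process_session(plain_packet: bytes, tls_packet: bytes, flush_on_starttls: bool):
    """Simulate a server reading one plaintext packet, then the TLS-protected data.

    Returns a log of (tag, command, origin, executed_under_tls) tuples.
    flush_on_starttls=False reproduces the vulnerable behaviour: command bytes
    that arrived in the same plaintext packet as STARTTLS stay in the read
    buffer and are executed after the handshake, as if the now-encrypted peer
    had sent them.
    """
    queue = [("plaintext", line) for line in _lines(plain_packet)]
    tls = False
    log = []
    while queue:
        origin, line = queue.pop(0)
        tag, _, cmd = line.partition(" ")
        cmd = cmd.upper()
        log.append((tag, cmd, origin, tls))
        if cmd == "STARTTLS" and not tls:
            tls = True  # a real server performs the TLS handshake here
            if flush_on_starttls:
                # Fix: discard everything read before the handshake; only
                # data arriving through the TLS layer may be trusted now.
                queue.clear()
            queue.extend(("tls", line) for line in _lines(tls_packet))
    return log


def injected_commands(log):
    """Commands received in plaintext but executed inside the TLS session."""
    return [cmd for _, cmd, origin, tls in log if origin == "plaintext" and tls]


# Constructed sample traffic: the pipelined pair from the scanner output,
# followed by one command the legitimate client sends after the handshake.
SCANNER_PACKET = b"nessus1 STARTTLS\r\nnessus2 CAPABILITY\r\n"
CLIENT_TLS_DATA = b"a1 NOOP\r\n"

if __name__ == "__main__":
    for flush in (False, True):
        log = process_session(SCANNER_PACKET, CLIENT_TLS_DATA, flush)
        print("flush buffer at STARTTLS:", flush)
        for tag, cmd, origin, tls in log:
            print(f"  {tag} {cmd:<10} via {origin:<9} executed under TLS={tls}")
        print("  injected:", injected_commands(log))
```

The first trace (no flush) is the condition the scanner reports: the `nessus2 CAPABILITY` response comes back inside the encrypted session even though the command was never sent over TLS. A patched server produces the second trace, where only the post-handshake command is processed.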