CVE-2011-1506

2011-03-22 17:55:04
CWE-20
mitre
web.nvd.nist.gov
cve-2011-1506
kerio connect
mailserver
starttls
plaintext command injection
man-in-the-middle
nvd

CVSS2: 6.8

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 6.7
Confidence: Low

EPSS: 0.011
Percentile: 84.8%

The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a “plaintext command injection” attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node: kerio connect, match 7.1.4

Node: kerio kerio_mailserver, match any of the following versions (OR):
5.0, 5.1, 5.1.1, 5.6.3, 5.6.4, 5.6.5,
5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.7.7, 5.7.8, 5.7.9, 5.7.10,
6.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10,
6.1.1, 6.1.2, 6.1.3, 6.1.3_patch_1, 6.1.4,
6.2.0, 6.2.1, 6.2.2,
6.3.0, 6.3.1, 6.3.1_p1, 6.3.1_p2,
6.4.0, 6.4.1, 6.4.2,
6.5.0, 6.5.0patch_1, 6.5.1, 6.5.2,
6.6.0, 6.6.0patch_1, 6.6.1, 6.6.2,
6.7.0, 6.7.1, 6.7.2, 6.7.3

Vendor  Product           Version  CPE
kerio   connect           7.1.4    cpe:2.3:a:kerio:connect:7.1.4:*:*:*:*:*:*:*
kerio   kerio_mailserver  5.0      cpe:2.3:a:kerio:kerio_mailserver:5.0:*:*:*:*:*:*:*
kerio   kerio_mailserver  5.1      cpe:2.3:a:kerio:kerio_mailserver:5.1:*:*:*:*:*:*:*
kerio   kerio_mailserver  5.1.1    cpe:2.3:a:kerio:kerio_mailserver:5.1.1:*:*:*:*:*:*:*
kerio   kerio_mailserver  5.6.3    cpe:2.3:a:kerio:kerio_mailserver:5.6.3:*:*:*:*:*:*:*
kerio   kerio_mailserver  5.6.4    cpe:2.3:a:kerio:kerio_mailserver:5.6.4:*:*:*:*:*:*:*
kerio   kerio_mailserver  5.6.5    cpe:2.3:a:kerio:kerio_mailserver:5.6.5:*:*:*:*:*:*:*
kerio   kerio_mailserver  5.7.0    cpe:2.3:a:kerio:kerio_mailserver:5.7.0:*:*:*:*:*:*:*
kerio   kerio_mailserver  5.7.1    cpe:2.3:a:kerio:kerio_mailserver:5.7.1:*:*:*:*:*:*:*
kerio   kerio_mailserver  5.7.2    cpe:2.3:a:kerio:kerio_mailserver:5.7.2:*:*:*:*:*:*:*