
1063 matches found

Cvelist
added 2011/05/23 10:0 p.m. | 26 views

CVE-2011-1575

The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...

AI score: 8.9 | EPSS: 0.33341
Exploits: 0 | References: 14

Cvelist
added 2011/05/23 10:0 p.m. | 29 views

CVE-2011-1926

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...

AI score: 8.8 | EPSS: 0.03999
Exploits: 0 | References: 20

CVE
added 2011/05/23 10:0 p.m. | 146 views

CVE-2011-1926

CVE-2011-1926 affects Cyrus IMAP Server prior to 2.4.7 where the STARTTLS I/O buffering is not properly restricted. This allows a man-in-the-middle to inject cleartext commands into an encrypted session, enabling a plaintext command injection (related to CVE-2011-0411). Remediation: upgrade to Cy...

CVSS: 5.1 | AI score: 6.8 | EPSS: 0.03999
Exploits: 0 | References: 20 | Affected Software: 1

Cvelist
added 2011/05/23 10:0 p.m. | 32 views

CVE-2011-2165

The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...

AI score: 8.9 | EPSS: 0.05156
Exploits: 0 | References: 5

CVE
added 2011/05/23 10:0 p.m. | 104 views

CVE-2011-1575

Technical details about CVE-2011-1575 are not provided in the connected documents. The references mention a plaintext command injection pattern related to STARTTLS in other products (e.g., CVE-2011-0411). Monitor for updates for concrete specifics.

CVSS: 5.8 | AI score: 6.8 | EPSS: 0.33341
Exploits: 0 | References: 14 | Affected Software: 1

CVE
added 2011/05/23 10:0 p.m. | 59 views

CVE-2011-2165

Technical details about CVE-2011-2165 are not publicly provided in the connected documents. Please monitor for updates from vendors and security advisories as new information becomes available.

CVSS: 6.8 | AI score: 6.7 | EPSS: 0.05156
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2011/05/23 10:0 p.m. | 49 views

CVE-2011-1575

The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...

CVSS: 5.8 | AI score: 8.8 | EPSS: 0.33341
Exploits: 0

Tenable Nessus
added 2011/05/13 12:0 a.m. | 104 views

openSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)

Pure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

CVSS: 6.8 | AI score: 8 | EPSS: 0.33341
Exploits: 1 | References: 4

OpenVAS
added 2011/05/12 12:0 a.m. | 35 views

FreeBSD Ports: postfix, postfix-base

The remote host is missing an update to the system as announced in the referenced advisory. VID 14a6f516-502f-11e0-b448-bbfa2731f9c7 OpenVAS Vulnerability Test. Description: Auto generated from VID 14a6f516-502f-11e0-b448-bbfa2731f9c7 Authors: Thomas Reinke Copyright: Copyright (c) 2011 E-Soft Inc...

CVSS: 6.8 | AI score: 8.6 | EPSS: 0.16334
Exploits: 1

Tenable Nessus
added 2011/05/11 12:0 a.m. | 38 views

SuSE9 Security Update : Postfix (YOU Patch Number 12707)

The following bugs have been fixed: - Remote attackers could potentially exploit a memory corruption issue in postfix' SASL implementation to execute arbitrary code (CVE-2011-1720). - Also Postfix did not clear the receive buffer after the STARTTLS command. A man-in-the-middle could therefore inje...

CVSS: 6.8 | AI score: 9.4 | EPSS: 0.21646
Exploits: 2 | References: 4

Tenable Nessus
added 2011/05/11 12:0 a.m. | 46 views

Debian DSA-2233-1 : postfix - several vulnerabilities

Several vulnerabilities were discovered in Postfix, a mail transfer agent. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2009-2939: The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to...

CVSS: 6.9 | AI score: 8.9 | EPSS: 0.21646
Exploits: 4 | References: 8

OSV
added 2011/05/10 12:0 a.m. | 24 views

DSA-2233-1 postfix - several

Bulletin has no description...

CVSS: 6.8 | AI score: 9.2 | EPSS: 0.21646
Exploits: 2

Tenable Nessus
added 2011/05/09 12:0 a.m. | 51 views

NNTP Service STARTTLS Plaintext Command Injection

The remote news server contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker...

CVSS: 6.8 | AI score: 5.5 | EPSS: 0.03233
Exploits: 0 | References: 3

Tenable Nessus
added 2011/05/05 12:0 a.m. | 19 views

openSUSE Security Update : postfix (openSUSE-SU-2011:0389-1)

postfix did not clear the receive buffer after the STARTTLS command. A man-in-the-middle could therefore inject commands in the unencrypted stream that get interpreted in the encrypted phase after STARTTLS (CVE-2011-0411). (C) Tenable Network Security, Inc. The descriptive text an...

CVSS: 6.8 | AI score: 8.5 | EPSS: 0.16334
Exploits: 1 | References: 3

Check Point Advisories
added 2011/05/03 12:0 a.m. | 7 views

Multiple Products STARTTLS Plaintext Command Injection (CVE-2011-0411; CVE-2014-3556)

STARTTLS is an extension to plaintext communication protocols that offers a way to upgrade plain text communications to an encrypted TLS or SSL connection. Protocols such as SMTP and FTP can be TLS-secured with a compatible server by a client sending the STARTTLS command. A command injection...

CVSS: 6.8 | AI score: 9.2 | EPSS: 0.16334
Exploits: 1

FreeBSD
added 2011/04/28 12:0 a.m. | 18 views

fetchmail -- STARTTLS denial of service

Matthias Andree reports: Fetchmail version 5.9.9 introduced STLS support for POP3, version 6.0.0 added STARTTLS for IMAP. However, the actual STARTTLS-initiated in-band SSL/TLS negotiation was not guarded by a timeout. Depending on the operating system defaults as to TCP stream keepalive mode,...

CVSS: 5 | AI score: 6.4 | EPSS: 0.02551
Exploits: 0 | References: 2

RedHat Linux
added 2011/04/06 11:8 p.m. | 6 views

postfix: SMTP commands injection during plaintext to TLS session switch

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...

CVSS: 6.8 | AI score: 7.4 | EPSS: 0.16334
Exploits: 1 | References: 4

FreeBSD
added 2011/04/01 12:0 a.m. | 65 views

pureftpd -- multiple vulnerabilities

Pure-FTPd development team reports: Support for braces expansion in directory listings has been disabled -- Cf. CVE-2011-0418. Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411. If you're using TLS, upgrading is recommended...

CVSS: 6.8 | AI score: 1 | EPSS: 0.16334
Exploits: 6

OpenVAS
added 2011/03/25 12:0 a.m. | 22 views

Kerio Products 'STARTTLS' Plaintext Command Injection Vulnerability

The host is running Kerio Mail Server/Connect and is prone to plaintext command injection vulnerability. OpenVAS Vulnerability Test $Id: secpodkerioproductsstarttlscmdinjvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Kerio Products 'STARTTLS' Plaintext Command Injection Vulnerability Authors: Soora...

CVSS: 6.8 | AI score: 0.4 | EPSS: 0.02471
Exploits: 0 | References: 2

OpenVAS
added 2011/03/25 12:0 a.m. | 411 views

Ipswitch IMail Server STARTTLS Plaintext Command Injection Vulnerability

The host is running Ipswitch IMail Server and is prone to plaintext command injection vulnerability. OpenVAS Vulnerability Test $Id: secpodipswitchimailserverstarttlscmdinjvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Ipswitch IMail Server STARTTLS Plaintext Command Injection Vulnerability Authors...

CVSS: 6.8 | EPSS: 0.03212
Exploits: 0 | References: 2