CVE-2011-1430

Technical details for CVE-2011-1430 are not present in the connected documents. The initial description states a STARTTLS plaintext command-injection issue in Ipswitch IMail 11.03 and earlier, but no vendor/product/version/root-cause or remediation details are provided.

CVE-2011-1431

The CVE concerns STARTTLS in qmail-smtpd.c within qmail-smtpd (netqmail-1.06-tls patch for netqmail 1.06). The root cause is incomplete I/O buffering restrictions, enabling MITM attackers to insert a plaintext command after TLS is established in encrypted SMTP sessions (plaintext command injectio...

CVE-2011-0411

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...

CVE-2011-0411

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...

CVE-2011-1431

Removed by vendor...

CVE-2011-0411

The CVE-2011-0411 entry relates to STARTTLS I/O buffering not being properly restricted, enabling plaintext command injection after TLS is established. Concrete details in connected docs include: INN/nnrpd before 2.5.3: reads unencrypted commands after TLS negotiation, allowing MITM insertion; a ...

CVE-2011-0411

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...

SSL/TLS: SMTP 'STARTTLS' Command Detection

Checks if the remote SMTP server supports SSL/TLS with the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SMTP Service STARTTLS Plaintext Command Injection

The remote SMTP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to...

IMAP Service STARTTLS Plaintext Command Injection

The remote IMAP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to...

STARTTLS plaintext command injection vulnerability

Overview Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. Description STARTTLS is an extension to plaintext communication protocols that offers a way to upgrade a plaintext connection to an encrypted TLS or SSL connection...

Memory corruption

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of...

HP-UX Update for sendmail with STARTTLS Enabled HPSBUX02508

Check for the Version of sendmail with STARTTLS Enabled OpenVAS Vulnerability Test HP-UX Update for sendmail with STARTTLS Enabled HPSBUX02508 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

HP-UX Update for sendmail with STARTTLS Enabled HPSBUX02508

Check for the Version of sendmail with STARTTLS Enabled OpenVAS Vulnerability Test HP-UX Update for sendmail with STARTTLS Enabled HPSBUX02508 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

LDAP Service STARTTLS Command Support

The remote LDAP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42329; scriptversion"1.6"; scriptsetattributeattribute:"pluginmodificationdate",...

NNTP Service STARTTLS Command Support

The remote NNTP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42086; scriptversion"1.9"; scriptnameenglish:"NNTP Service STARTTLS Command Support";...

ACAP Service STARTTLS Command Support

The remote ACAP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42084; scriptversion"$Revision: 1.9 $"; scriptcvsdate"$Date: 2017/06/15 21:59:54 $";...

SMTP Service STARTTLS Command Support

The remote SMTP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42088; scriptversion"1.12"; scriptcvsdate"Date: 2019/03/20 12:54:43";...

POP3 Service STLS Command Support

The remote POP3 service supports the use of the 'STLS' command to switch from a cleartext to an encrypted communications channel. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42087; scriptversion"1.13"; scriptsetattributeattribute:"pluginmodificationdate",...

IMAP Service STARTTLS Command Support

The remote IMAP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42085; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate",...