1063 matches found
spamdyke -- STARTTLS Plaintext Injection Vulnerability
Secunia reports: The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data e.g. SMTP commands during the...
SuSE 10 Security Update : Postfix (ZYPP Patch Number 7403)
The following bug has been fixed: Postfix did not clear the receive buffer after the STARTTLS command. A man-in-the-middle could therefore inject commands in the unencrypted stream that get interpreted in the encrypted phase after STARTTLS. CVE-2011-0411 (C) Tenable Network...
SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7583)
Cyrus-imapd recognized commands before switching to an encrypted channel via STARTTLS. Attackers could potentially exploit that to inject plain text commands. CVE-2011-1926 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...
DSA-2346-2 proftpd-dfsg - several
Bulletin has no description...
[SECURITY] [DSA 2346-1] proftpd-dfsg security update
Debian Security Advisory DSA-2346-1 [email protected] http://www.debian.org/security/ Florian Weimer November 15, 2011 http://www.debian.org/security/faq ...
DSA-2346-1 proftpd-dfsg - several
Bulletin has no description...
FreeBSD Ports: pure-ftpd
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
The remote host is missing an update to cyrus-imapd-2.2 announced via advisory DSA 2242-1. OpenVAS Vulnerability Test $Id: deb22421.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2242-1 cyrus-imapd-2.2 Authors: Thomas Reinke Copyright: Copyright (c) 2011...
Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
The remote host is missing an update to kolab-cyrus-imapd announced via advisory DSA 2258-1. OpenVAS Vulnerability Test $Id: deb22581.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2258-1 kolab-cyrus-imapd Authors: Thomas Reinke Copyright: Copyright (c) 2011...
Debian: Security Advisory (DSA-2242-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian Security Advisory DSA 2233-1 (postfix)
The remote host is missing an update to postfix announced via advisory DSA 2233-1. OpenVAS Vulnerability Test $Id: deb22331.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2233-1 postfix Authors: Thomas Reinke Copyright: Copyright (c) 2011 E-Soft Inc...
SuSE9 Security Update : cyrus-imapd (YOU Patch Number 12776)
Cyrus-imapd recognized commands before switching to an encrypted channel via STARTTLS. Attackers could potentially exploit that to inject plain text commands. CVE-2011-1926 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...
Debian DSA-2258-1 : kolab-cyrus-imapd - implementation error
It was discovered that the STARTTLS implementation of the Kolab Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is i...
[SECURITY] [DSA 2258-1] kolab-cyrus-imapd security update
Debian Security Advisory DSA-2257-1 [email protected] http://www.debian.org/security/ Nico Golde June 11, 2011 http://www.debian.org/security/faq ...
DSA-2258-1 kolab-cyrus-imapd - implementation error
Bulletin has no description...
Debian DSA-2242-1 : cyrus-imapd-2.2 - implementation error
It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in plac...
cyrus-imapd: STARTTLS plaintext command injection
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...
cyrus-imapd security update
2.3.16-6.2 - do not use strict aliasing; 2.3.16-6.1 - fix CVE-2011-1926: STARTTLS plaintext command injection vulnerability...
Security fix for the ALT Linux 6 package fetchmail version 6.3.20-alt1
June 7, 2011 Michael Shigorin 6.3.20-alt1 - 6.3.20 + fixes CVE-2011-1947: STARTTLS denial of service vulnerability thanks ldv@ for heads-up...
fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947)
fetchmail-SA-2011-01: Denial of service possible in STARTTLS mode Topics: fetchmail denial of service in STARTTLS protocol phases Author: Matthias Andree Version: 1.0 Announced: 2011-06-06 Type: Unguarded blocking I/O can cause indefinite application...