1063 matches found
FreeBSD : fetchmail -- STARTTLS denial of service (f7d838f2-9039-11e0-a051-080027ef73ec)
Matthias Andree reports : Fetchmail version 5.9.9 introduced STLS support for POP3, version 6.0.0 added STARTTLS for IMAP. However, the actual STARTTLS-initiated in-band SSL/TLS negotiation was not guarded by a timeout. Depending on the operating system defaults as to TCP stream keepalive mode,...
Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
Check for the Version of cyrus-imapd OpenVAS Vulnerability Test Mandriva Update for cyrus-imapd MDVSA-2011:100 cyrus-imapd Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
CVE-2011-1947
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a 1 STARTTLS or 2 STLS request, which allows remote servers to cause a denial of service application hang by acknowledging the request but not sending additional packets...
CVE-2011-1947
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a 1 STARTTLS or 2 STLS request, which allows remote servers to cause a denial of service application hang by acknowledging the request but not sending additional packets...
CVE-2011-1947
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a 1 STARTTLS or 2 STLS request, which allows remote servers to cause a denial of service application hang by acknowledging the request but not sending additional packets...
CVE-2011-1947
CVE-2011-1947 affects fetchmail 5.9.9–6.3.19. The issue is an insufficient wait-time limiter after STARTTLS or STLS, allowing a remote server to trigger a denial-of-service (application hang) by acknowledging the request but sending no further packets. The provided documents confirm this vulnerab...
XMPP Service STARTTLS Plaintext Command Injection
The remote XMPP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could reveal a user's...
ACAP Service STARTTLS Plaintext Command Injection
The remote ACAP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could permit an attacker t...
SuSE 11.1 Security Update : pure-ftpd (SAT Patch Number 4360)
Pure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...
[SECURITY] [DSA 2242-1] cyrus-imapd-2.2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2242-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 25, 2011 http://www.debian.org/security/faq -...
Mandriva Linux Security Advisory : cyrus-imapd (MDVSA-2011:100)
A vulnerability has been identified and fixed in cyrus-imapd : The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is process...
[ MDVSA-2011:100 ] cyrus-imapd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:100 http://www.mandriva.com/security/ Package : cyrus-imapd Date : May 24, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability has been identified and fix...
DSA-2242-1 cyrus-imapd-2.2 - implementation error
Bulletin has no description...
CVE-2011-2165
The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...
CVE-2011-1575
The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...
CVE-2011-1926
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...
CVE-2011-1926
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...
CVE-2011-1575
The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...
Command injection
The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...
Command injection
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...