71 matches found
MiracleLinux 3 : postfix-2.3.3-2.10.AXS3 (AXSA:2011-150:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-150:02 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, TLS Security issues fixed with this release: CVE-2008-2937 Postfix 2.5 before...
PortSwigger Web Security: SMTP interaction theft via MITM
See http://www.postfix.org/CVE-2011-0411.html for adetailled description. Impact MitM could obtain user credentials...
Oracle: Security Advisory (ELSA-2011-0423)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)
Pure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
openSUSE Security Update : postfix (openSUSE-SU-2011:0389-1)
postfix did not clear the receive buffer after the STARTTLS command. A man-in-the middle could therefore inject commands in the unencrypted stream that get interpreted in the encrypted phase after STARTTLS CVE-2011-0411. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...
openSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)
Pure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
Oracle Linux 6 : post (ELSA-2011-0423)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0423 advisory. 2:2.6.6-2.1 - fix CVE-2011-0411 682978 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...
Oracle Linux 5 : post (ELSA-2011-0422)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0422 advisory. - fix CVE-2011-0411 683387 - fix CVE-2008-2937 683387 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Command injection
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...
CVE-2012-3523
CVE-2012-3523 affects nnrpd (INN) prior to 2.5.3, where STARTTLS does not properly restrict I/O buffering. This enables MITM attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is established (plaintext command injection), related to CVE...
CVE-2012-3523
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...
Mandriva Update for inn MDVSA-2012:156 (inn)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mandriva Linux Security Advisory : inn (MDVSA-2012:156)
A security issue was identified and fixed in ISC INN : The STARTTLS implementation in INN's NNTP server for readers, nnrpd, before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command tha...
inn -- plaintext command injection into encrypted channel
INN developers report: Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents...
Scientific Linux Security Update : postfix on SL6.x i386/x86_64
It was discovered that Postfix did not flush the received SMTP commands buffer after switching to TLS encryption for an SMTP session. A man-in-the-middle attacker could use this flaw to inject SMTP commands into a victim's session during the plain text phase. This would lead to those commands bei...
Scientific Linux Security Update : postfix on SL4.x, SL5.x i386/x86_64
It was discovered that Postfix did not flush the received SMTP commands buffer after switching to TLS encryption for an SMTP session. A man-in-the-middle attacker could use this flaw to inject SMTP commands into a victim's session during the plain text phase. This would lead to those commands bei...
CentOS Update for postfix CESA-2011:0422 centos5 x86_64
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for postfix CESA-2011:0422 centos5 x86_64
Check for the Version of postfix OpenVAS Vulnerability Test CentOS Update for postfix CESA-2011:0422 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
RedHat Update for postfix RHSA-2011:0423-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Debian Security Advisory DSA 2346-1 (proftpd-dfsg)
The remote host is missing an update to proftpd-dfsg announced via advisory DSA 2346-1. OpenVAS Vulnerability Test $Id: deb23461.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2346-1 proftpd-dfsg Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft In...