3 matches found
CVE-2011-1431
The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TL...
CVE-2011-1431
Removed by vendor...
CVE-2011-1431
The CVE concerns STARTTLS in qmail-smtpd.c within qmail-smtpd (netqmail-1.06-tls patch for netqmail 1.06). The root cause is incomplete I/O buffering restrictions, enabling MITM attackers to insert a plaintext command after TLS is established in encrypted SMTP sessions (plaintext command injectio...