5 matches found
CVE-2012-0070
spamdyke prior to 4.2.1: STARTTLS reveals plaintext...
CVE-2012-0070
CVE-2012-0070 concerns spamdyke prior to 4.2.1, where the TLS upgrade path after STARTTLS does not properly clear transport buffers, allowing insertion of arbitrary plaintext during the plaintext phase (e.g., SMTP commands). The vulnerability is triggered during the plaintext-to-TLS transition an...
CVE-2012-0070
spamdyke prior to 4.2.1: STARTTLS reveals plaintext...
FreeBSD Ports: spamdyke
The remote host is missing an update to the system as announced in the referenced advisory. Copyright C 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...
FreeBSD : spamdyke -- STARTTLS Plaintext Injection Vulnerability (a47af810-3a17-11e1-a1be-00e0815b8da8)
Secunia reports : The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the 'STARTTLS' command. This can be exploited to insert arbitrary plaintext data e.g. SMTP commands during the...