93 matches found
SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7584)
Cyrus-imapd recognized commands before switching to an encrypted channel via STARTTLS. Attackers could potentially exploit that to inject plain text commands. CVE-2011-1926 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...
Fedora 13 : cyrus-imapd-2.3.16-5.fc13 (2011-7193)
Wed May 18 2011 Michal Hlavinka - 2.3.16-5 - fix CVE-2011-1926: STARTTLS plaintext command injection vulnerability - Fri Jan 21 2011 Michal Hlavinka - 2.3.16-4 - don't force sync io for all filesystems - Tue Apr 20 2010 Michal Hlavinka - 2.3.16-3 - add support for QoS marked traffic 576652 Note...
cyrus-imapd security update
2.3.16-6.2 - do not use strict aliasing 2.3.16-6.1 - fix CVE-2011-1926: STARTTLS plaintext command injection vulnerability...
Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
Check for the Version of cyrus-imapd OpenVAS Vulnerability Test Mandriva Update for cyrus-imapd MDVSA-2011:100 cyrus-imapd Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
ACAP Service STARTTLS Plaintext Command Injection
The remote ACAP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could permit an attacker t...
XMPP Service STARTTLS Plaintext Command Injection
The remote XMPP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could reveal a user's...
Mandriva Linux Security Advisory : cyrus-imapd (MDVSA-2011:100)
A vulnerability has been identified and fixed in cyrus-imapd : The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is process...
[ MDVSA-2011:100 ] cyrus-imapd
Mandriva Linux Security Advisory MDVSA-2011:100 http://www.mandriva.com/security/ Package : cyrus-imapd Date : May 24, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability has been identified and fix...
DEBIAN-CVE-2011-1575
The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...
CVE-2011-1926
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...
CVE-2011-2165
The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...
CVE-2011-1926
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...
CVE-2011-1575
The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...
Command injection
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...
CVE-2011-1926
CVE-2011-1926 affects Cyrus IMAP Server prior to 2.4.7 where the STARTTLS I/O buffering is not properly restricted. This allows a man-in-the-middle to inject cleartext commands into an encrypted session, enabling a plaintext command injection (related to CVE-2011-0411). Remediation: upgrade to Cy...
CVE-2011-2165
The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...
CVE-2011-1575
The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...
CVE-2011-1575
The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...
CVE-2011-2165
Technical details about CVE-2011-2165 are not publicly provided in the connected documents. Please monitor for updates from vendors and security advisories as new information becomes available.
FTP Service AUTH TLS Plaintext Command Injection
The remote FTP server contains a software flaw in its AUTH TLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could permit an attacker to...