CVE-2011-1431

Published: 16/03/2011 Updated: 17/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Vulnerable Product

frederik vermeulen netqmail 1.06

Vendor Advisories

Debian Bug report logs - #652378
CVE-2011-1431 in TLS patch
Package: src:qmail
Maintainer for src:qmail is Gerrit Pape <pape@smarden.org>
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 16 Dec 2011 21:00:12 UTC
Severity: serious
Tags: security
Fixed in version 103-493+rm
Done: Debian FTP Masters ...