Summary
Multiple vendors' implementations of STARTTLS are prone to a vulnerability that lets attackers inject arbitrary commands.
Impact
An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords.
Solution
Updates are available.
Affected
The following vendors are affected:
- Ipswitch
- Kerio
- Postfix
- Qmail-TLS
- Oracle
- SCO Group
- spamdyke
- ISC
Detection
Send a specially crafted STARTTLS request and check the response.
References
- http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424
- http://cyrusimap.org/mediawiki/index.php/Bugs_Resolved_in_2.4.7
- http://datatracker.ietf.org/doc/draft-josefsson-kerberos5-starttls/?include_text=1
- http://files.kolab.org/server/release/kolab-server-2.3.2/sources/release-notes.txt
- http://inoa.net/qmail-tls/vu555316.patch
- http://kolab.org/pipermail/kolab-announce/2011/000101.html
- http://support.avaya.com/css/P8/documents/100134676
- http://support.avaya.com/css/P8/documents/100141041
- http://www.kb.cert.org/vuls/id/555316
- http://www.kb.cert.org/vuls/id/MAPG-8D9M4P
- http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
- http://www.postfix.org/CVE-2011-0411.html
- http://www.pureftpd.org/project/pure-ftpd/news
- http://www.securityfocus.com/archive/1/516901
- http://www.securityfocus.com/bid/46767
- http://www.spamdyke.org/documentation/Changelog.txt
- http://www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNotes_XCS_9_1_1/EN_ReleaseNotes_WG_XCS_9_1_TLS_Hotfix.pdf
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2011-0411, CVE-2011-1430, CVE-2011-1431, CVE-2011-1432, CVE-2011-1575, CVE-2011-1926, CVE-2011-2165
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P