ID de Prueba:	1.3.6.1.4.1.25623.1.0.103935
Categoría:	SMTP problems
Título:	Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
Resumen:	Multiple vendors' implementations of 'STARTTLS' are prone to a; vulnerability that lets attackers inject arbitrary commands.
Descripción:	Summary: Multiple vendors' implementations of 'STARTTLS' are prone to a vulnerability that lets attackers inject arbitrary commands. Vulnerability Impact: An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords. Affected Software/OS: The following vendors are known to be affected: Ipswitch Kerio Postfix Qmail-TLS Oracle SCO Group spamdyke ISC Solution: Updates are available. Please see the references for more information. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0411 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 46767 http://www.securityfocus.com/bid/46767 CERT/CC vulnerability note: VU#555316 http://www.kb.cert.org/vuls/id/555316 Debian Security Information: DSA-2233 (Google Search) http://www.debian.org/security/2011/dsa-2233 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html http://security.gentoo.org/glsa/glsa-201206-33.xml http://www.openwall.com/lists/oss-security/2021/08/10/2 http://www.osvdb.org/71021 http://www.redhat.com/support/errata/RHSA-2011-0422.html http://www.redhat.com/support/errata/RHSA-2011-0423.html http://securitytracker.com/id?1025179 http://secunia.com/advisories/43646 http://secunia.com/advisories/43874 SuSE Security Announcement: SUSE-SR:2011:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://www.vupen.com/english/advisories/2011/0611 http://www.vupen.com/english/advisories/2011/0752 http://www.vupen.com/english/advisories/2011/0891 XForce ISS Database: multiple-starttls-command-execution(65932) https://exchange.xforce.ibmcloud.com/vulnerabilities/65932 Common Vulnerability Exposure (CVE) ID: CVE-2011-1430 http://www.osvdb.org/71020 http://secunia.com/advisories/43676 http://www.vupen.com/english/advisories/2011/0609 Common Vulnerability Exposure (CVE) ID: CVE-2011-1431 Bugtraq: 20110307 Plaintext injection in STARTTLS (multiple implementations) (Google Search) http://www.securityfocus.com/archive/1/516901 http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q http://www.postfix.org/CVE-2011-0411.html http://securityreason.com/securityalert/8144 http://www.vupen.com/english/advisories/2011/0612 Common Vulnerability Exposure (CVE) ID: CVE-2011-1432 http://www.vupen.com/english/advisories/2011/0613 Common Vulnerability Exposure (CVE) ID: CVE-2011-1506 http://secunia.com/advisories/43678 http://www.vupen.com/english/advisories/2011/0610 Common Vulnerability Exposure (CVE) ID: CVE-2011-1575 http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html http://openwall.com/lists/oss-security/2011/04/11/14 http://openwall.com/lists/oss-security/2011/04/11/7 http://openwall.com/lists/oss-security/2011/04/11/8 http://openwall.com/lists/oss-security/2011/04/11/3 http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd http://secunia.com/advisories/43988 http://secunia.com/advisories/44548 Common Vulnerability Exposure (CVE) ID: CVE-2011-1926 1025625 http://www.securitytracker.com/id?1025625 44670 http://secunia.com/advisories/44670 44876 http://secunia.com/advisories/44876 44913 http://secunia.com/advisories/44913 44928 http://secunia.com/advisories/44928 DSA-2242 http://www.debian.org/security/2011/dsa-2242 DSA-2258 http://www.debian.org/security/2011/dsa-2258 FEDORA-2011-7193 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html FEDORA-2011-7217 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html MDVSA-2011:100 http://www.mandriva.com/security/advisories?name=MDVSA-2011:100 RHSA-2011:0859 http://www.redhat.com/support/errata/RHSA-2011-0859.html VU#555316 [oss-security] 20110517 CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?] http://openwall.com/lists/oss-security/2011/05/17/2 [oss-security] 20110517 Re: CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?] http://openwall.com/lists/oss-security/2011/05/17/15 cyrus-starttls-command-exec(67867) https://exchange.xforce.ibmcloud.com/vulnerabilities/67867 http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423 http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424 http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162 http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php https://bugzilla.redhat.com/show_bug.cgi?id=705288 Common Vulnerability Exposure (CVE) ID: CVE-2011-2165 http://secunia.com/advisories/44753 XForce ISS Database: watchguardxcs-starttls-command-execution(67729) https://exchange.xforce.ibmcloud.com/vulnerabilities/67729
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.