Title: Ipswitch IMail Server STARTTLS Plaintext Command Injection Vulnerability
Summary: The host is running Ipswitch IMail Server and is prone to a plaintext command injection vulnerability.
This flaw is caused by an error within the 'STARTTLS'
implementation where the switch from plaintext to TLS is implemented below the
application's I/O buffering layer, which could allow attackers to inject
commands during the plaintext phase of the protocol via man-in-the-middle
Successful exploitation will allow an attacker to execute arbitrary
commands in the context of the user running the application.
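The buffering flaw described above, shown as an added example (not Ipswitch or Greenbone code): a toy Python model with no network I/O, where one `feed()` call stands in for one plaintext socket read. The class `SmtpSession`, its `discard_on_starttls` switch and the sample bytes are assumptions constructed for illustration.

```python
"""Toy model of an SMTP command loop with an application-level read buffer."""

# Constructed sample: one plaintext read that holds STARTTLS plus a trailing
# (harmless) command that arrived before any TLS handshake took place.
CONSTRUCTED_READ = b"STARTTLS\r\nNOOP\r\n"


class SmtpSession:
    def __init__(self, discard_on_starttls):
        self.discard_on_starttls = discard_on_starttls  # mitigation switch
        self.buf = b""          # application I/O buffer (plaintext bytes)
        self.tls_active = False
        self.handled = []       # (command, tls_active when it was handled)
        self.discarded = b""    # plaintext dropped at the TLS boundary

    def feed(self, chunk):
        """Append bytes from one plaintext read and handle complete lines."""
        self.buf += chunk
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            cmd = line.decode("ascii", "replace")
            self.handled.append((cmd, self.tls_active))
            if cmd.upper() == "STARTTLS" and not self.tls_active:
                if self.discard_on_starttls:
                    # Leftover bytes predate the handshake, so TLS cannot
                    # have protected them: drop them before switching.
                    self.discarded, self.buf = self.buf, b""
                # Flawed variant: TLS is switched on underneath the buffer
                # and the leftover plaintext is parsed as if it were secure.
                self.tls_active = True


def plaintext_handled_as_tls(session):
    """Every byte fed to this model is plaintext, so any command handled
    while tls_active is True was wrongly given TLS-level trust."""
    return [cmd for cmd, tls in session.handled if tls]


if __name__ == "__main__":
    for label, fix in (("buffer kept", False), ("buffer discarded", True)):
        s = SmtpSession(discard_on_starttls=fix)
        s.feed(CONSTRUCTED_READ)
        print(label, "->", plaintext_handled_as_tls(s), "dropped:", s.discarded)
```
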
Ipswitch IMail versions 11.03 and prior.
Upgrade to Ipswitch IMail version 11.5 or later.
BugTraq ID: 46767
Common Vulnerability Exposure (CVE) ID: CVE-2011-1430
CERT/CC vulnerability note: VU#555316
XForce ISS Database: multiple-starttls-command-execution(65932)
Copyright (C) 2011 Greenbone Networks GmbH