Test ID:	1.3.6.1.4.1.25623.1.0.901195
Category:	SMTP problems
Title:	Ipswitch IMail Server STARTTLS Plaintext Command Injection Vulnerability
Summary:	Ipswitch IMail Server is prone to plaintext command injection vulnerability.
Description:	Summary: Ipswitch IMail Server is prone to plaintext command injection vulnerability. Vulnerability Insight: This flaw is caused by an error within the 'STARTTLS' implementation where the switch from plaintext to TLS is implemented below the application's I/O buffering layer, which could allow attackers to inject commands during the plaintext phase of the protocol via man-in-the-middle attacks. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary commands in the context of the user running the application. Affected Software/OS: Ipswitch IMail versions 11.03 and Prior. Solution: Upgrade to Ipswitch IMail version 11.5 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1430 BugTraq ID: 46767 http://www.securityfocus.com/bid/46767 CERT/CC vulnerability note: VU#555316 http://www.kb.cert.org/vuls/id/555316 http://www.osvdb.org/71020 http://secunia.com/advisories/43676 http://www.vupen.com/english/advisories/2011/0609 XForce ISS Database: multiple-starttls-command-execution(65932) https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.