CVE-2011-1431 netqmail

Metadata

medium
6.8
netqmail
CVE-2011-1431
2017-06-18 07:03
CVE-2011-1431
2017-06-16 18:56
2017-04-01 19:11
2017-01-05 20:15

Description

The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Affected package information

None

Unaffected

Release  Package   Reason
stretch  netqmail
jessie   netqmail
buster   netqmail
wheezy   netqmail
sid      netqmail