CVE-2011-1430

MEDIUM

Description

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

References

http://secunia.com/advisories/43676

http://www.kb.cert.org/vuls/id/555316

http://www.kb.cert.org/vuls/id/MAPG-8DBRD4

http://www.osvdb.org/71020

http://www.securityfocus.com/bid/46767

http://www.vupen.com/english/advisories/2011/0609

https://exchange.xforce.ibmcloud.com/vulnerabilities/65932

Details

Source: MITRE

Published: 2011-03-16

Updated: 2017-08-17

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:6.00:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:6.06:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:7.1:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:7.12:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:8.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:8.1:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:8.11:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:8.12:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:8.22:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:10:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:10.01:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:10.02:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:11:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:11.01:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:11.02:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:* versions up to 11.03 (inclusive)

cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:2006.1:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:2006.2:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:imail:server_8.2_hotfix_2:*:*:*:*:*:*:*