FreeBSD : spamdyke -- STARTTLS Plaintext Injection Vulnerability (a47af810-3a17-11e1-a1be-00e0815b8da8)
High Nessus Plugin ID 57455
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Secunia reports:
The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the 'STARTTLS' command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase.
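The flaw Secunia describes is generic to STARTTLS servers, so the following is an added example rather than spamdyke's code: a minimal SMTP-style command loop over a constructed fake transport, run once without and once with the buffer flush that the fix requires. The attacker-controlled bytes sit in the same TCP segment as "STARTTLS\r\n", so the server's first recv() pulls them into its application buffer before the handshake; a server that keeps that buffer then parses them as the first commands of the TLS session. The transport, the traffic and the command loop are all constructed for illustration.

```python
"""Added example (not spamdyke's code): why a server must discard its
plaintext read buffer when it upgrades to TLS after STARTTLS."""

from typing import List, Optional, Tuple


class FakeTransport:
    """Constructed stand-in for a socket plus TLS layer.

    'plain_wire' is everything the peer sent before the handshake;
    'tls_wire' is the application data delivered *inside* TLS afterwards.
    Like a real kernel, recv() hands back all pending plaintext in one
    call, so bytes following "STARTTLS\\r\\n" in the same segment land in
    the server's buffer before the handshake ever runs.
    """

    def __init__(self, plain_wire: bytes, tls_wire: bytes) -> None:
        self._streams = {False: plain_wire, True: tls_wire}
        self.tls_active = False

    def recv(self) -> bytes:
        data = self._streams[self.tls_active]
        self._streams[self.tls_active] = b""
        return data

    def start_tls(self) -> None:
        # Models a successful handshake: from now on recv() yields only
        # decrypted application data.
        self.tls_active = True


class SmtpSession:
    """Minimal command loop, just enough to show the buffer-handling bug."""

    def __init__(self, transport: FakeTransport, clear_buffer_on_starttls: bool) -> None:
        self.transport = transport
        self.clear_buffer_on_starttls = clear_buffer_on_starttls
        self.buf = b""
        self.tls = False
        self.executed: List[Tuple[str, bytes]] = []  # (phase, command line)

    def _readline(self) -> Optional[bytes]:
        while b"\r\n" not in self.buf:
            data = self.transport.recv()
            if not data:
                return None
            self.buf += data
        line, _, self.buf = self.buf.partition(b"\r\n")
        return line

    def run(self) -> List[Tuple[str, bytes]]:
        while (line := self._readline()) is not None:
            verb = line.split(b" ", 1)[0].upper()
            if verb == b"STARTTLS" and not self.tls:
                self.transport.start_tls()
                self.tls = True
                if self.clear_buffer_on_starttls:
                    # The fix: anything already read past "STARTTLS\r\n"
                    # arrived in plaintext and must not survive the upgrade.
                    self.buf = b""
                continue
            self.executed.append(("tls" if self.tls else "plain", line))
            if verb == b"QUIT":
                break
        return self.executed


# Constructed traffic.  The attacker (or a MITM on the plaintext leg) appends a
# command to the same segment as STARTTLS; the genuine client's commands travel
# inside TLS once the handshake completes.
PLAIN_WIRE = b"EHLO client.example\r\nSTARTTLS\r\nMAIL FROM:<attacker@evil.example>\r\n"
TLS_WIRE = b"EHLO client.example\r\nMAIL FROM:<user@example.org>\r\nQUIT\r\n"


def commands_executed_under_tls(clear_buffer_on_starttls: bool) -> List[bytes]:
    """Return the command lines the server processed after the TLS upgrade."""
    session = SmtpSession(FakeTransport(PLAIN_WIRE, TLS_WIRE), clear_buffer_on_starttls)
    return [line for phase, line in session.run() if phase == "tls"]


if __name__ == "__main__":
    print("vulnerable:", commands_executed_under_tls(False))
    print("fixed:     ", commands_executed_under_tls(True))
```

In the vulnerable run the attacker's MAIL FROM is the first command processed under TLS, ahead of anything the real client sent; in the fixed run it never executes. In a real server the TLS library reads the handshake straight from the socket, so the injected bytes are invisible to it and survive only in the application's own buffer, which is exactly what the flush removes. A practical check against a live server is to send STARTTLS and a harmless extra command in a single write and see whether a reply to that extra command arrives inside the TLS session.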
Solution
Update the affected package.