FreeBSD : spamdyke -- STARTTLS Plaintext Injection Vulnerability (a47af810-3a17-11e1-a1be-00e0815b8da8)

Severity: High, Nessus Plugin ID: 57455


The remote FreeBSD host is missing a security-related update.


Secunia reports:

The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the 'STARTTLS' command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase.


Update the affected package.

Plugin Details

Severity: High

ID: 57455

File Name: freebsd_pkg_a47af8103a1711e1a1be00e0815b8da8.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2012/01/09

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:spamdyke, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2012/01/08

Vulnerability Publication Date: 2012/01/04

Reference Information

CVE: CVE-2012-0070

Secunia: 47435