Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability

Bugtraq ID: 46767
Class: Input Validation Error
CVE: CVE-2011-0411
CVE-2011-1430
CVE-2011-1431
CVE-2011-1432
CVE-2011-1575
CVE-2011-1926
CVE-2011-2165
Remote: Yes
Local: No
Published: Mar 07 2011 12:00AM
Updated: Aug 21 2012 07:10PM
Credit: Wietse Venema
Vulnerable: Wietse Venema Postfix 2.5.5
Wietse Venema Postfix 2.5.4
Wietse Venema Postfix 2.4.9
Wietse Venema Postfix 2.4.8
Wietse Venema Postfix 2.2.10
Wietse Venema Postfix 2.2.4
Wietse Venema Postfix 2.2.3
Wietse Venema Postfix 2.1.5
Wietse Venema Postfix 2.1.3
Wietse Venema Postfix 2.1
Wietse Venema Postfix 2.0
Wietse Venema Postfix 1.1.13
Wietse Venema Postfix 1.1.12
Wietse Venema Postfix 1.1.11
Wietse Venema Postfix 1.0.21
Wietse Venema Postfix 20011115
Wietse Venema Postfix 20010228
Wietse Venema Postfix 2.8
Wietse Venema Postfix 2.6-20080902
Wietse Venema Postfix 2.6
Wietse Venema Postfix 2.5.4 Patchlevel 4
Wietse Venema Postfix 19991231
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Trustix Secure Linux 1.2
Wietse Venema Postfix 19990906
WatchGuard XCS 9.1
WatchGuard XCS 9.0
Ubuntu Ubuntu Linux 9.10 sparc
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu Ubuntu Linux 9.10 lpia
Ubuntu Ubuntu Linux 9.10 i386
Ubuntu Ubuntu Linux 9.10 ARM
Ubuntu Ubuntu Linux 9.10 amd64
Ubuntu Ubuntu Linux 9.10
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Ubuntu Ubuntu Linux 10.10 powerpc
Ubuntu Ubuntu Linux 10.10 i386
Ubuntu Ubuntu Linux 10.10 ARM
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 LTS
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise 11 SP1
SuSE SUSE Linux Enterprise 10 SP4
SuSE SUSE Linux Enterprise 10 SP3
SuSE SUSE Linux Enterprise 10 SP2
SuSE openSUSE 11.4
SuSE openSUSE 11.3
Sun Java System Messaging Server 7.0
Sun Java System Messaging Server 6.3
spamdyke spamdyke 4.2
SCO SCOoffice Server 0
S.u.S.E. openSUSE 11.2
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop version 4
Red Hat Fedora 14
Red Hat Fedora 13
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux 5 Server
qmail-smtpd-auth netqmail 0
Pure-FTPd Pure-FTPd 1.0.29
Pardus Linux 2011 0
Pardus Linux 2009 0
Mandriva Linux Mandrake 2010.1 x86_64
Mandriva Linux Mandrake 2010.1
Mandriva Linux Mandrake 2009.0 x86_64
Mandriva Linux Mandrake 2009.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
Kolab Kolab Groupware Server 2.2.4
Kolab Kolab Groupware Server 2.2.3
Kolab Kolab Groupware Server 2.2.2
Kolab Kolab Groupware Server 2.2
Kolab Kolab Groupware Server 2.1
Kolab Kolab Groupware Server 2.0.4
Kolab Kolab Groupware Server 2.0.3
Kolab Kolab Groupware Server 2.0.2
Kolab Kolab Groupware Server 2.0.1
Kolab Kolab Groupware Server 2.3.1
Kolab Kolab Groupware Server 2.2-rc3
Kolab Kolab Groupware Server 2.2-rc1
Kolab Kolab Groupware Server 2.2 beta3
Kolab Kolab Groupware Server 2.2 beta1
Kolab Kolab Groupware Server 2.2 -rc2
Kolab Kolab Groupware Server 2.1beta2
Kolab Groupware Server 2.1.beta3
Kerio Mailserver 7.0
Kerio Mailserver 6.7.3
Kerio Mailserver 6.7
Kerio Mailserver 6.6.2
Kerio Mailserver 6.6.1 build 7069
Kerio Mailserver 6.6.1
Kerio Mailserver 6.6
Kerio Mailserver 6.5
Kerio Mailserver 6.4.2
Kerio Mailserver 6.4.1
Kerio Mailserver 6.3.1
Kerio Mailserver 6.2.2
Kerio Mailserver 6.1.3
Kerio Mailserver 6.0.10
Kerio Mailserver 6.0.9
Kerio Mailserver 6.0.5
Kerio Mailserver 6.0.4
Kerio Mailserver 6.0.3
Kerio Mailserver 6.0.2
Kerio Mailserver 6.0.1
Kerio Mailserver 6.0
Kerio Mailserver 5.7.10
Kerio Mailserver 5.7.9
Kerio Mailserver 5.7.8
Kerio Mailserver 5.7.7
Kerio Mailserver 5.7.6
Kerio Mailserver 5.7.5
Kerio Mailserver 5.7.4
Kerio Mailserver 5.7.3
Kerio Mailserver 5.7.2
Kerio Mailserver 5.7.1
Kerio Mailserver 5.7 .0
Kerio Mailserver 5.6.5
Kerio Mailserver 5.6.4
Kerio Mailserver 5.6.3
Kerio Mailserver 5.1.1
Kerio Mailserver 5.1
Kerio Mailserver 5.0
Kerio Mailserver 6.7.0 Patch 1
Kerio Mailserver 6.6.2 Patch 3
Kerio Mailserver 6.1.3 Patch 1
Kerio Kerio Connect 7.1.4 build 2985
ISC INN 2.4.1
ISC INN 2.4 .0
ISC INN 2.3.3
ISC INN 2.3.2
ISC INN 2.3.1
ISC INN 2.3
Ipswitch IMail 8.22
Ipswitch IMail 8.20
Ipswitch IMail 8.15 Hotfix 1
Ipswitch IMail 8.14
Ipswitch IMail 8.13
Ipswitch IMail 8.2 Hotfix 2
Ipswitch IMail 8.2
Ipswitch IMail 8.1
Ipswitch IMail 8.0.5
Ipswitch IMail 8.0.3
Ipswitch IMail 7.12
Ipswitch IMail 7.1
Ipswitch IMail 7.0.7
Ipswitch IMail 7.0.6
Ipswitch IMail 7.0.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
Ipswitch IMail 7.0.4
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Ipswitch IMail 7.0.3
Ipswitch IMail 7.0.2
Ipswitch IMail 7.0.1
Ipswitch IMail 6.4
Ipswitch IMail 6.3
Ipswitch IMail 6.2
Ipswitch IMail 6.1
Ipswitch IMail 6.0.6
Ipswitch IMail 6.0.5
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
Ipswitch IMail 6.0.4
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
Ipswitch IMail 6.0.3
Ipswitch IMail 6.0.2
Ipswitch IMail 6.0.1
Ipswitch IMail 6.0
Ipswitch IMail 5.0.8
Ipswitch IMail 5.0.7
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
+ Microsoft Windows NT 4.0
Ipswitch IMail 5.0.6
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
+ Microsoft Windows NT 4.0
Ipswitch IMail 5.0.5
Ipswitch IMail 5.0
Ipswitch IMail 8.11
Ipswitch IMail 8.01
Ipswitch IMail 2006.2
Ipswitch IMail 0
IETF STARTTLS 0
Gentoo Linux
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 armel
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Cyrus Cyrus IMAP Server 2.4.6
Cyrus Cyrus IMAP Server 2.4
Avaya Messaging Storage Server 5.2.8
Avaya Messaging Storage Server 5.2.2
Avaya Messaging Storage Server 5.2 SP3
Avaya Messaging Storage Server 5.2 SP2
Avaya Messaging Storage Server 5.2 SP1
Avaya Messaging Storage Server 5.2
Avaya Messaging Storage Server 5.1 SP2
Avaya Messaging Storage Server 5.1 SP1
Avaya Messaging Storage Server 5.1
Avaya Messaging Storage Server 5.0
Avaya Messaging Storage Server 4.0
Avaya Message Networking 5.2.1
Avaya Message Networking 5.2.2
Avaya Message Networking 5.2 SP1
Avaya Message Networking 5.2
Avaya Message Networking 3.1
Avaya Aura Communication Manager 6.0.1
Avaya Aura Communication Manager 6.0
Apple Mac OS X Server 10.6.6
Apple Mac OS X Server 10.6.5
Apple Mac OS X Server 10.6.4
Apple Mac OS X Server 10.6.3
Apple Mac OS X Server 10.6.2
Apple Mac OS X Server 10.6.1
Apple Mac OS X Server 10.6.8
Apple Mac OS X Server 10.6.7
Apple Mac OS X Server 10.6
Apple Mac OS X 10.6.5
Apple Mac OS X 10.6.4
Apple Mac OS X 10.6.3
Apple Mac OS X 10.6.2
Apple Mac OS X 10.6.1
Apple Mac OS X 10.6
Not Vulnerable: spamdyke spamdyke 4.2.1
Pure-FTPd Pure-FTPd 1.0.30
Kolab Kolab Groupware Server 2.3.2
Cyrus Cyrus IMAP Server 2.4.7


 

Copyright 2010, SecurityFocus