Re: CVE-2021-33515: SMTP Submission service STARTTLS injection

2021-06-22 Thread Timo Sirainen
On 22. Jun 2021, at 11.11, li...@lazygranch.com wrote:
>
>> Vulnerability Details:
>>
>> On-path attacker could inject plaintext commands before STARTTLS
>> negotiation that would be executed after STARTTLS finished with the
>> client. Only the SMTP submission service is affected.
>
> Centos 7 h

Re: CVE-2021-33515: SMTP Submission service STARTTLS injection

2021-06-22 Thread Götz Reinicke
> On 22.06.2021 at 11:11, li...@lazygranch.com wrote:
>
> On Mon, 21 Jun 2021 13:51:30 +0200
> Timo Sirainen wrote:
>
>> Open-Xchange Security Advisory 2021-06-21
>>
>> Product: Dovecot
>> Vendor: OX Software GmbH
>> Internal reference: DOV-4583 (Bug ID)
>> Vulnerability type: CWE-74:

Re: CVE-2021-33515: SMTP Submission service STARTTLS injection

2021-06-22 Thread li...@lazygranch.com
On Mon, 21 Jun 2021 13:51:30 +0200 Timo Sirainen wrote:
> Open-Xchange Security Advisory 2021-06-21
>
> Product: Dovecot
> Vendor: OX Software GmbH
> Internal reference: DOV-4583 (Bug ID)
> Vulnerability type: CWE-74: Failure to Sanitize Data into a Different
> Plane ('Injection') Vulnerable

CVE-2021-33515: SMTP Submission service STARTTLS injection

2021-06-21 Thread Timo Sirainen
Open-Xchange Security Advisory 2021-06-21

Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4583 (Bug ID)
Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection')
Vulnerable version: 2.3.0-2.3.14
Vulnerable component: submission
Report confidence: