CVE-2011-1432: Command Injection

Published Mar 16, 2011

Updated

The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Affected Software

1 affected component

SCO Scoofficeserver

Event History

Mar 16, 2011

CVE Published

via MITRE·10:00 PM

Data Sourced

via MITRE·10:00 PM

Description

Frequently Asked Questions

What is the severity of CVE-2011-1432?

CVE-2011-1432 is classified as a medium severity vulnerability.

How do I fix CVE-2011-1432?

To fix CVE-2011-1432, ensure you apply the latest patches and updates provided by SCO for the SCOoffice Server.

What type of attacks can exploit CVE-2011-1432?

CVE-2011-1432 can be exploited by man-in-the-middle attackers to inject commands into encrypted SMTP sessions.

Which software versions are affected by CVE-2011-1432?

CVE-2011-1432 affects all versions of SCOoffice Server that do not have the appropriate updates applied.

Is CVE-2011-1432 part of a larger security issue?

CVE-2011-1432 is specifically a plaintext command injection issue, but it highlights broader security concerns regarding STARTTLS implementations.

CVE-2011-1432: Command Injection

Affected Software

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2011-1432?

How do I fix CVE-2011-1432?

What type of attacks can exploit CVE-2011-1432?

Which software versions are affected by CVE-2011-1432?

Is CVE-2011-1432 part of a larger security issue?

Company

Resources

Contact