Detections
Analytics

IMAP Service STARTTLS Plaintext Command Injection

medium Nessus Plugin ID 52609

Language:

Synopsis

The remote mail service allows plaintext command injection while negotiating an encrypted communications channel.

Description

The remote IMAP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase.

Successful exploitation could allow an attacker to steal a victim's email or associated SASL (Simple Authentication and Security Layer) credentials.

Solution

Contact the vendor to see if an update is available.

See Also

https://tools.ietf.org/html/rfc2487

https://www.securityfocus.com/archive/1/516901/30/0/threaded

Plugin Details

Severity: Medium

ID: 52609

File Name: imap4_starttls_plaintext_injection.nasl

Version: 1.16

Type: remote

Family: Misc.

Published: 3/10/2011

Updated: 2/24/2021

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis by tenable research and scoring of similar vulnerabilities.

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS Score Source: manual

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/7/2011

Reference Information

CVE: CVE-2011-0411, CVE-2011-1926

BID: 46767, 58171

CERT: 555316