Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 372967 (CVE-2011-1431) - <mail-mta/netqmail-1.06-r2 : MITM (CVE-2011-1431)
Summary: <mail-mta/netqmail-1.06-r2 : MITM (CVE-2011-1431)
Status: RESOLVED FIXED
Alias: CVE-2011-1431
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-25 12:26 UTC by GLSAMaker/CVETool Bot
Modified: 2014-01-27 13:39 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-25 12:26:26 UTC 
CVE-2011-1431 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1431):
  The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the
  netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O
  buffering, which allows man-in-the-middle attackers to insert commands into
  encrypted SMTP sessions by sending a cleartext command that is processed
  after TLS is in place, related to a "plaintext command injection" attack, a
  similar issue to CVE-2011-0411.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2013-05-27 00:48:26 UTC 
InCVS.

Arches, please stabilize (compile-test only, unless you already have a qmail deployment to try it on).

Target keywords: alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2013-05-27 14:01:31 UTC 
Arch teams, please test and mark stable:
=mail-mta/netqmail-1.06-r2
Stable KEYWORDS : alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86
Comment 3 Tomáš "tpruzina" Pružina (amd64 [ex]AT) 2013-05-28 09:33:09 UTC 
amd64: ok (builds fine, too difficult to run-test properly)
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2013-05-28 13:11:05 UTC 
Stable for HPPA.
Comment 5 Markus Meier gentoo-dev 2013-06-02 09:52:45 UTC 
arm stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-06-04 19:59:51 UTC 
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-06-04 20:00:21 UTC 
x86 stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-06-09 11:33:01 UTC 
alpha stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-06-09 11:33:18 UTC 
ia64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-06-09 11:33:38 UTC 
ppc stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-06-09 11:33:54 UTC 
sparc stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-06-09 12:12:04 UTC 
ppc64 stable
Comment 13 Agostino Sarubbo gentoo-dev 2013-06-09 12:14:26 UTC 
s390 stable
Comment 14 Agostino Sarubbo gentoo-dev 2013-06-09 16:01:28 UTC 
sh stable
Comment 15 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-18 03:30:00 UTC 
Timeout on m68k. netqmail-1.06 has had all keywords but m68k dropped, other affected versions have been cleaned. GLSA vote: no.
Comment 16 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-01-27 13:39:13 UTC 
GLSA vote: no.

Closing as [noglsa]