Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kerio Connect和MailServer 'STARTTLS'明文命令注入漏洞
Vulnerability Description
Kerio Connect是一款专业的mail邮件服务器架设软件。 Kerio Connect 7.1.4 build 2985版本和MailServer 6.x版本中存在明文命令注入漏洞。该漏洞是由于在收到"STARTTLS"命令后,并从明文更新到密文时,TLS实现没有正确清理运输层缓冲导致的。该漏洞可以在明文解析的过程中(在更新为TLS密文解析之后,并执行该解析),注入任意明文数据(例如SMTP命令)。
CVSS Information
N/A
Vulnerability Type
N/A