Input validation error in qmail netqmail

1) Input validation error

EUVDB-ID: #VU45223

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-1431

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. Per: http://cwe.mitre.org/data/definitions/77.html Improper Neutralization of Special Elements used in a Command ('Command Injection')

Mitigation

Install update from vendor's website.

Vulnerable software versions

netqmail: 1.06

CPE2.3

• cpe:2.3:a:qmail:netqmail:1.06:*:*:*:*:*:*:*

External links

http://inoa.net/qmail-tls/vu555316.patch
http://securityreason.com/securityalert/8144
http://www.kb.cert.org/vuls/id/555316
http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
http://www.postfix.org/CVE-2011-0411.html
http://www.securityfocus.com/archive/1/516901
http://www.securityfocus.com/bid/46767
http://www.vupen.com/english/advisories/2011/0612
http://exchange.xforce.ibmcloud.com/vulnerabilities/65932

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.