DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 8th March 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default Vulnerabilities in STARTTLS implementations

From http://www.h-online.com/security/new...s-1203760.html

Quote:
Vulnerabilities in implementations of the STARTTLS protocol for establishing an encrypted TLS connection could allow commands to be injected into a connection. According to a description by the discoverer of the problem, Postfix developer Wietse Venema, the key point is that commands are injected into the connection before it has been secured/encrypted, but are only executed once the secure connection has been established.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenOffice 3.2.1 closes two vulnerabilities J65nko News 0 7th June 2010 06:50 PM
OpenSSL updates fix vulnerabilities J65nko News 0 4th June 2010 12:48 PM
ClamAV 0.96.1 fixes DoS vulnerabilities J65nko News 0 25th May 2010 08:41 PM
PostgreSQL developers fix vulnerabilities J65nko News 0 17th May 2010 01:58 PM
Vulnerabilities in sudo closed J65nko News 0 1st March 2010 05:16 PM


All times are GMT. The time now is 05:29 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick