Vulnerabilities in STARTTLS implementations
From http://www.h-online.com/security/new...s-1203760.html
Quote:
Vulnerabilities in implementations of the STARTTLS protocol for establishing an encrypted TLS connection could allow commands to be injected into a connection. According to a description by the discoverer of the problem, Postfix developer Wietse Venema, the key point is that commands are injected into the connection before it has been secured/encrypted, but are only executed once the secure connection has been established.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|