PT-2021-9848 · S/Qmail · S/Qmail
Published
2021-08-17
·
Updated
2021-08-31
·
CVE-2020-15955
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
s/qmail versions prior to 4.0.08
Description
The issue allows an active Man-in-the-Middle (MitM) to inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This enables the attacker to intercept e-mail messages and user credentials.
Recommendations
For versions prior to 4.0.08, update to version 4.0.08 or later to resolve the issue.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
S/Qmail