Qmail-TLS Information for VU#555316

STARTTLS plaintext command injection vulnerability

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Q-Mail has released a patch to address this vulnerability.

Vendor References

http://inoa.net/qmail-tls/vu555316.patch

Addendum

Note that Qmail-TLS is a third-party extension for the qmail software.

    Because STARTTLS is not supported by default in either the original qmail distribution or the netqmail distribution, those distributions are not vulnerable to this issue.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.