Qmail-TLS Information for VU#555316
STARTTLS plaintext command injection vulnerability
No statement is currently available from the vendor regarding this vulnerability.
Q-Mail has released a patch to address this vulnerability.
Note that Qmail-TLS is a third-party extension for the qmail software.
Because STARTTLS is not supported by default in either the original qmail distribution or the netqmail distribution, those distributions are not vulnerable to this issue.
If you have feedback, comments, or additional information about this vulnerability, please send us email.