3com Inc

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

ACCESS

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Alcatel-Lucent

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

America Online Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Apache HTTP Server Project

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

AT&T

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Avaya, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Barracuda Networks

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Belkin, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Blue Coat Systems

Notified:  January 19, 2011 Updated: March 28, 2011

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Borderware Technologies

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Check Point Software Technologies

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Cisco Systems, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Clavister

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Computer Associates

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Courier-mta

Notified:  January 27, 2011 Updated: January 27, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Cray Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Cyrus-IMAP

Updated:  May 17, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424 http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8 786f162

Addendum

There are no additional comments at this time.

Debian GNU/Linux

Updated:  May 11, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://www.debian.org/security/2011/dsa-2233

Addendum

There are no additional comments at this time.

EMC Corporation

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Engarde Secure Linux

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Enterasys Networks

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Ericsson

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

eSoft, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

EXIM

Notified:  March 07, 2011 Updated: March 14, 2011

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Extreme Networks

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

F5 Networks, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Force10 Networks, Inc.

Notified:  January 19, 2011 Updated: July 22, 2011

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Fortinet, Inc.

Notified:  January 19, 2011 Updated: March 16, 2011

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Foundry Networks, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Fujitsu

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Global Technology Associates, Inc.

Notified:  January 19, 2011 Updated: March 14, 2011

Status

  Not Affected

Vendor Statement

GTA's GB-OS based firewalls are not affected by this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Google

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Hewlett-Packard Company

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Hitachi

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

IBM Corporation

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

IBM Corporation (zseries)

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

IBM eServer

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Infoblox

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Intel Corporation

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Internet Security Systems, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Intoto

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

IP Infusion, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Ipswitch, Inc

Notified:  January 21, 2011 Updated: March 01, 2011

Status

  Affected

Vendor Statement

We will work on addressing this vulnerability in an upcoming release of IMail.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Juniper Networks, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Kerio Technologies

Notified:  January 19, 2011 Updated: March 01, 2011

Status

  Affected

Vendor Statement

We are going to resolve the issue in the next product version.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

M86 Security

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

McAfee

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Microsoft Corporation

Notified:  March 07, 2011 Updated: March 14, 2011

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

MontaVista Software, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

NEC Corporation

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

NetApp

Notified:  January 19, 2011 Updated: March 15, 2011

Status

  Not Affected

Vendor Statement

No NetApp Data ONTAP(R) products are vulnerable to this issue.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Nokia

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Nortel Networks, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Novell, Inc.

Notified:  January 19, 2011 Updated: March 03, 2011

Status

  Not Affected

Vendor Statement

Our GroupWise Engineering team does not feel that we are vulnerable to this issue

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Oracle Corporation

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Palo Alto Networks

Notified:  January 19, 2011 Updated: March 01, 2011

Status

  Not Affected

Vendor Statement

We are not vulnerable to it.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Postfix

Updated:  March 03, 2011

Status

  Affected

Vendor Statement

Postfix legacy releases 2.7.3, 2.6.9, 2.5.12 and 2.4.16 are available. These releases contain a fix for CVE-2011-0411 which allows plaintext command injection with SMTP sessions over TLS. This defect was introduced with Postfix version 2.2. Postfix 2.8 and 2.9 are not affected.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://www.postfix.org/announcements/postfix-2.7.3.html

Addendum

There are no additional comments at this time.

Process Software

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Q1 Labs

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Qmail-TLS

Notified:  January 19, 2011 Updated: March 07, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Q-Mail has released a patch to address this vulnerability.

Vendor References

http://inoa.net/qmail-tls/vu555316.patch

Addendum

Note that Qmail-TLS is a third-party extension for the qmail software. Because STARTTLS is not supported by default in either the original qmail distribution or the netqmail distribution, those distributions are not vulnerable to this issue.

QNX Software Systems Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

RadWare, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Redback Networks, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Red Hat, Inc.

Notified:  January 19, 2011 Updated: April 07, 2011

Status

  Affected

Vendor Statement

Vulnerable. This issue affects postfix packages in Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update will address this flaw. This issue did not affect the versions of the sendmail package as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, as Sendmail by switching to SMTP over TLS replaces the entire received SMTP commands stream, along with its read/write buffers and read/write functions. This issue did not affect the versions of the exim package as shipped with Red Hat Enterprise Linux 4 and 5, as Exim by switching to SMTP over TLS replaces plaintext read/write functions with TLS read/write functions.

Vendor Information

Red Hat has released updated postfix packages, for: Red Hat Enterprise Linux 4 and 5: https://rhn.redhat.com/errata/RHSA-2011-0422.html https://bugzilla.redhat.com/show_bug.cgi?id=674814#c26 Red Hat Enterprise Linux 6: https://rhn.redhat.com/errata/RHSA-2011-0423.html https://bugzilla.redhat.com/show_bug.cgi?id=674814#c27

Vendor References

http://www.redhat.com/security/data/cve/CVE-2011-0411.html https://rhn.redhat.com/errata/RHSA-2011-0422.html https://bugzilla.redhat.com/show_bug.cgi?id=674814#c26 https://rhn.redhat.com/errata/RHSA-2011-0423.html https://bugzilla.redhat.com/show_bug.cgi?id=674814#c27

Addendum

There are no additional comments at this time.

SafeNet

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Secureworx, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Sendmail Consortium

Notified:  March 07, 2011 Updated: March 07, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Silicon Graphics, Inc.

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Sony Corporation

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Stonesoft

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Sun Microsystems, Inc.

Notified:  January 19, 2011 Updated: March 01, 2011

Status

  Affected

Vendor Statement

The issue is being fixed in affected products and would be announced in a quarterly Oracle Critical Patch update.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

SUSE Linux

Notified:  March 14, 2011 Updated: March 14, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Symantec

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

The SCO Group

Notified:  January 19, 2011 Updated: September 08, 2011

Status

  Not Affected

Vendor Statement

The SCOoffice 4.2 product we ship does not currently support TLS and the product is not vulnerable for this reason.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

U4EA Technologies, Inc.

Notified:  March 07, 2011 Updated: March 07, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Ubuntu

Updated:  May 11, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://launchpad.net/ubuntu/+source/postfix/2.8.2-1ubuntu2.1 https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.2 https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.2 https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.4 https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.4

Addendum

There are no additional comments at this time.

Unisys

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Vyatta

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Watchguard Technologies, Inc.

Notified:  January 19, 2011 Updated: April 14, 2011

Status

  Affected

Vendor Statement

TLS Command Injection Vulnerability: A TLS Hotfix is available for XCS version 9.0 and 9.1 to resolve a potential command injection vulnerability in the TLS over SMTP implementation. The vulnerability makes it possible to allow a man-in-the-middle to inject commands during the plaintext protocol phase, that would be executed during the ciphertext protocol phase. A full description of the vulnerability is described in CERT Vulnerability Note VU#555316. This fix is included in the XCS 9.0 Update 1 as well as the XCS 9.1 TLS Hotfix updates

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://www.watchguard.com/support/release-notes/xcs/ http://www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNotes_XCS_9_1_1/EN_ReleaseNotes_WG_XCS_9_1_TLS_Hotfix.pdf http://www.watchguard.com/archive/softwarecenter.asp

Addendum

There are no additional comments at this time.

Wind River Systems, Inc.

Notified:  January 19, 2011 Updated: March 14, 2011

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

ZyXEL

Notified:  January 19, 2011 Updated: January 19, 2011

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.