Wietse Venema put forth on 3/7/2011 2:08 PM:
CERT/CC announces a flaw today in multiple STARTTLS implementations.
This problem was silently fixed in Postfix 2.8 and 2.9. Updates
for Postfix 2.[4-7] are made available via the usual channels.
Nice catch Wietse! Normally I'd follow that with
CERT/CC announces a flaw today in multiple STARTTLS implementations.
This problem was silently fixed in Postfix 2.8 and 2.9. Updates
for Postfix 2.[4-7] are made available via the usual channels.
Wietse
Plaintext injection in multiple implementations of STARTTLS
On Tue, 8 Mar 2011 07:08:09 am Wietse Venema wrote:
This is a writeup about a flaw that I found recently, and that
existed in multiple implementations of SMTP (Simple Mail Transfer
Protocol) over TLS (Transport Layer Security) including my Postfix
open source mailserver. I give an overview of
On Tue, Mar 08, 2011 at 12:59:15PM +1100, Brad Hards wrote:
On Tue, 8 Mar 2011 07:08:09 am Wietse Venema wrote:
This is a writeup about a flaw that I found recently, and that
existed in multiple implementations of SMTP (Simple Mail Transfer
Protocol) over TLS (Transport Layer Security)