Video Screencast Help

SMTP Service STARTTLS: Plaintext Command Injection

Created: 28 Jan 2013 | 2 comments

We are currently running Symantec Messaging Gateway (aka Brightmail) version 9.5.3-3, but have seen where CVE-2011-0411, CVE-2011-1430, CVE-2011-1431, CVE-2011-1432, CVE-2011-1506, CVE-2011-2165 marks it as vulnerable. I have searched the symantec KB and website but have not found any documentation on this specific issue. I work for a goverment division and we need this secured. Anyone have the documentation to show the fix?

Also looking for any FIPS documentation on the latest verstion 10.0.1-2

Comments 2 CommentsJump to latest comment

bullpup_22's picture

Update:

We have upgraded to version 10.0.1-2 and are still getting these listed as vulnerable. we are running FIPS on the current server/version.

Is there a work around or solution to this security risk?

Art_P's picture

Official information about Security Advisories related to Symantec Products can be found here:

http://www.symantec.com/security_response/securityupdates/list.jsp?fid=security_advisory

If you would like information about, or to report, a vulnerability not listed in the Security Advisories page, please contact Technical Support directly.