Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

SMTP Service STARTTLS: Plaintext Command Injection

Created: 28 Jan 2013 | 2 comments

We are currently running Symantec Messaging Gateway (aka Brightmail) version 9.5.3-3, but have seen where CVE-2011-0411, CVE-2011-1430, CVE-2011-1431, CVE-2011-1432, CVE-2011-1506, CVE-2011-2165 marks it as vulnerable. I have searched the symantec KB and website but have not found any documentation on this specific issue. I work for a goverment division and we need this secured. Anyone have the documentation to show the fix?

Also looking for any FIPS documentation on the latest verstion 10.0.1-2

Comments 2 CommentsJump to latest comment

bullpup_22's picture

Update:

We have upgraded to version 10.0.1-2 and are still getting these listed as vulnerable. we are running FIPS on the current server/version.

Is there a work around or solution to this security risk?

Art_P's picture

Official information about Security Advisories related to Symantec Products can be found here:

http://www.symantec.com/security_response/securityupdates/list.jsp?fid=security_advisory

If you would like information about, or to report, a vulnerability not listed in the Security Advisories page, please contact Technical Support directly.