Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SMTP Service STARTTLS: Plaintext Command Injection

Created: 28 Jan 2013 | 2 comments

We are currently running Symantec Messaging Gateway (aka Brightmail) version 9.5.3-3, but have seen where CVE-2011-0411, CVE-2011-1430, CVE-2011-1431, CVE-2011-1432, CVE-2011-1506, CVE-2011-2165 marks it as vulnerable. I have searched the symantec KB and website but have not found any documentation on this specific issue. I work for a goverment division and we need this secured. Anyone have the documentation to show the fix?

Also looking for any FIPS documentation on the latest verstion 10.0.1-2

Comments 2 CommentsJump to latest comment

bullpup_22's picture

Update:

We have upgraded to version 10.0.1-2 and are still getting these listed as vulnerable. we are running FIPS on the current server/version.

Is there a work around or solution to this security risk?

Art_P's picture

Official information about Security Advisories related to Symantec Products can be found here:

http://www.symantec.com/security_response/securityupdates/list.jsp?fid=security_advisory

If you would like information about, or to report, a vulnerability not listed in the Security Advisories page, please contact Technical Support directly.

If you find a useful post, please use the "thumbs up" feature to mark the post as helpful. If your question has been answered, please select the "Mark as solution" for the post that best answered your question. Thank you.