Zimbra

whatisee1 · #1 (**permalink**) 03-08-2011, 08:41 AM

Hello folks!

As you may see postings from Wietse Venema - there are some issues with STARTTLS and Postfix:

US-CERT Vulnerability Note VU#555316
Plaintext command injection in multiple implementations of STARTTLS (CVE-2011-0411)

Now, on my systems I see this:

% telnet 0 25
220 myzimbra ESMTP Postfix
starttls
220 2.0.0 Ready to start TLS

% telnet 0 587
220 myzimbra ESMTP Postfix
starttls
220 2.0.0 Ready to start TLS

What is the best way to disable STARTTLS on Zimbra?

Thanks,
W.S.

whatisee1 · #2 (**permalink**) 03-09-2011, 07:08 AM

Hmmm...seems like this Postfix exploit is not a big thing...

cmccormick · #3 (**permalink**) 04-21-2011, 11:26 AM

My Senior Sys. Admin. thinks it is a big deal and would like to know if there is a fix planned. Anyone have any ideas on this? He sent me to this link:

CVE - CVE-2011-0411 (under review)

lytledd · #4 (**permalink**) 04-23-2011, 07:18 AM

I'd suggest that you search the bugs page to see if there is a ticket open on it, if you don't find one, then open a ticket with the information that you've got.

Doug

Zimbra

Downloads

Product Information

Toolbox

Why Join?