This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


~Kelly Desapulader
Jan 12, 2015, 6:38 PM
15 Posts

SMTP Service STARTTLS Plaintext Command Injection

  • Category: Domino Server
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 1

We have a vulnerability on one Domino server. We have 4 Domino servers that were built and maintained the same but are only

getting the vulnerability on one of them. The problem is:

[low] [25/tcp/smtp] SMTP Service STARTTLS Plaintext Command Injection

Nessus sent the following two commands in a single packet : STARTTLS\r\nRSET\r\n And the server sent the following two responses : 220 Ready to start TLS 250 Reset state

Servers have been running for months without any problem. We are running Domino 9.0.1 FP2 with IF3. The problem showed up after we installed InterimFix 3.

Does anyone know how to fix this issue? Thanks.

 

~Mary Zekveluzenoni
Apr 28, 2015, 1:30 PM
1 Posts
Same issue here...

Hi Kevin

Did you ever get a fix for this?  We are having the same issue with 9.0.1 FP3 IF3. 

Does anyone know if there is a fix in the pipeline?

Thanks

 


This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal