Check Point Advisories

Multiple Products STARTTLS Plaintext Command Injection (CVE-2011-0411; CVE-2014-3556)

Check Point Reference: CPAI-2011-245
Date Published: 3 May 2011
Severity: Critical
Last Updated: Tuesday 28 February, 2023
Source:
Industry Reference:CVE-2011-0411
CVE-2014-3556
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description STARTTLS is an extension to plaintext communication protocols that offers a way to upgrade plain text communications to an encrypted (TLS or SSL) connection. Protocols such as SMTP and FTP can be TLS-secured with a compatible server by a client sending the STARTTLS command. A command injection vulnerability has been reported on server implementations of the STARTTLS extension. The vulnerability could allow an attacker to inject commands during the plaintext phase, that will be executed during the ciphertext phase. A remote attacker could leverage this issue to perform a man-in-the-middle attack, by injecting commands in the STARTTLS command. This could result in execution of the attacker's commands without the knowledge of a target or client.

Protection Overview

This protection detects and blocks malformed STARTTLS commands.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R81 / R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Multiple Products STARTTLS Plaintext Command Injection protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  SMTP Protection Violation.
Attack Information:  Multiple Products STARTTLS Plaintext Command Injection

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK