Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-38084

An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.

Related bugs and status

CVE-2021-38084 (Candidate) is related to these bugs:

Bug #1194892: pop3 and imap tls plaintext command injection

Summary				In	Importance	Status
	1194892	pop3 and imap tls plaintext command injection		courier (Ubuntu)	Undecided	Confirmed
	1194892	pop3 and imap tls plaintext command injection		courier (Debian)	Unknown	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: https://sourceforge.ne...
MISC: https://sourceforge.ne...