Vigil@nce - nginx: injection of SMTP commands through an SSL tunnel
August 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker who is able to capture and inject network traffic can
insert SMTP commands into the nginx proxy, for instance in
order to retrieve secret data.
Impacted products: nginx
Severity: 1/4
Creation date: 06/08/2014
DESCRIPTION OF THE VULNERABILITY
The nginx product offers an SMTP proxy.
The SMTP command STARTTLS is used to insert an SSL tunnel between
the TCP connection and the SMTP connection. However, nginx does
not correctly reset the buffers of exchanged data when it processes
this command.
An attacker who is able to capture and inject network traffic can
therefore insert SMTP commands into the nginx proxy, for
instance in order to retrieve secret data.
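The buffer handling described above can be checked with the following added example, which is not nginx code and is not part of the original bulletin. It models a line buffer that either keeps or discards the bytes received before the tunnel is set up; the structure, the function names and the sample input are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Hypothetical, simplified session state; not nginx's real structures. */
struct session {
    char   buf[256];  /* bytes read from the client, not yet parsed */
    size_t len;
    int    tls;       /* 1 once STARTTLS has been accepted */
};

/* Pop one CRLF-terminated line from the buffer; returns 0 if none is complete. */
static int next_line(struct session *s, char *out, size_t outsz) {
    for (size_t i = 0; i + 1 < s->len; i++) {
        if (s->buf[i] != '\r' || s->buf[i + 1] != '\n') continue;
        size_t n = i < outsz - 1 ? i : outsz - 1;
        memcpy(out, s->buf, n);
        out[n] = '\0';
        s->len -= i + 2;
        memmove(s->buf, s->buf + i + 2, s->len);
        return 1;
    }
    return 0;
}

/* Count commands received in cleartext that get parsed after STARTTLS.
 * wire: bytes delivered by a single plaintext read (constructed sample).
 * reset_on_starttls: 1 = hardened behaviour, 0 = buffer left untouched. */
int plaintext_cmds_seen_as_tls(const char *wire, int reset_on_starttls) {
    struct session s = { .len = 0, .tls = 0 };
    char line[128];
    int leaked = 0;
    s.len = strlen(wire) < sizeof s.buf ? strlen(wire) : sizeof s.buf;
    memcpy(s.buf, wire, s.len);
    while (next_line(&s, line, sizeof line)) {
        if (s.tls) { leaked++; continue; }   /* parsed as if it came through TLS */
        if (strcasecmp(line, "STARTTLS") == 0) {
            s.tls = 1;
            if (reset_on_starttls) s.len = 0; /* discard pre-handshake bytes */
        }
    }
    return leaked;
}

int main(void) {
    const char *wire = "EHLO client.example\r\nSTARTTLS\r\nNOOP\r\n"; /* constructed */
    printf("no reset: %d, reset: %d\n",
           plaintext_cmds_seen_as_tls(wire, 0), plaintext_cmds_seen_as_tls(wire, 1));
    return 0;
}
```

A non-zero result means that bytes which never passed through the tunnel were treated as authenticated session traffic; with the reset in place the count is zero.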
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/nginx-injection-of-SMTP-commands-though-an-SSL-tunnel-15128