Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
d12d3d92de6801d03d0dd0bd9b58d169489120f7770e5ac648165b8f34080b14
Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.
b14cfacb7f28738ac93e30480b98d56d985e51eb3e4cd68d8f6dc9b0c39181cd
HP Security Bulletin HPSBOV02467 SSRT090152 - A potential security vulnerability has been identified with HP OpenVMS TCP/IP Services running POP or IMAP servers. The vulnerability could be remotely exploited to result in unauthorized access. Revision 1 of this advisory.
e80b45697544ab1ee844d8daf78b1040ba95cf4db5a49992b58eb2c2db895fb1
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
cbce8279c1ba7a07bfefeb2e477f682bfd326519f8a7ed296e35210599898a2d
Gentoo Linux Security Advisory 201110-16 - The Cyrus IMAP Server is affected by multiple vulnerabilities which could potentially lead to the remote execution of arbitrary code or a denial of service. Versions less than 2.4.12 are affected.
1adb16e92a221ed72428ee5be30b3e16bad3de53df09cd8c4f1d076f7af9fee9
Mandriva Linux Security Advisory 2011-149 - Multiple vulnerabilities has been discovered and corrected in cyrus-imapd. Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. Secunia Research has discovered a vulnerability in Cyrus IMAPd, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the authentication mechanism of the NNTP server, which can be exploited to bypass the authentication process and execute commands intended for authenticated users by sending an AUTHINFO USER command without a following AUTHINFO PASS command.
1191292753cdb7c648b6f3c0d5659116f9b45499232eebda2c0efc795d775ec9
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
551ef1f72848dab19f6a1ff9fe31f08143c8cef26f638d93e7110b4bce49d0a4
0x4553-Intercepter is a WinPcap-based sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.
25362e9cea7e4f4cda7174fcbdb2dece439046aef654cee2fd1018136c073f8b
Ubuntu Security Notice 1221-1 - It was discovered that mutt incorrectly verified the hostname in an SSL certificate. An attacker could trick mutt into trusting a rogue SMTPS, IMAPS, or POP3S server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.
d5327d7489e79d924d92a0d60f8d9238e3cf7793305156d14665eb648ca81fec
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
a2457636b51f8a958bc092aafb7a59af57fa31e31d9b90211566247ac7cda33c
Red Hat Security Advisory 2011-1317-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user.
08236021a1e725e1e06393ac59be1014c21fe6adaad53673952a5ba86038b8b1
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
fa0dfc33f323abfbc94aa993d90d37481cd2f652ee93ec2f8c333ac7a496c7b9
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
93a002d9e1652d7684756af75b44b00f99aa93574e8a5a2e69f88656221d5ce2
Red Hat Security Advisory 2011-1187-01 - Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user's connection to crash, blocking them from downloading the message successfully and possibly leading to the corruption of their mailbox. Users of dovecot are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the dovecot service will be restarted automatically.
66b39592d5b628556923975d937e6ea8db9f542bb93aafbf43312ca9b355d6d5
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
21a2bf0337773fa1b7824e556bc80a5730e673c537c9392fd477199d866c6b99
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
91f32c7654dde0e1cf37ed0d8517e0d0b5985cd30443a9d64cd33d232b5fe9ce
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
1225b0f4bde4d80946c0cb2f24e39e7a14954c21d3e82fd7c83c683d32023da4
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
972e4c150e3012ba8777f149c858e1e290aeb7ad7976e1551ac1752bc04fb0ed
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
aa49012195fde4dc3e4bed2bb25283cb40a6e0ad8295a47e730652f611e2268c
Debian Linux Security Advisory 2258-1 - It was discovered that the STARTTLS implementation of the Kolab Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place. Please note that the advisory number listed in this advisory incorrectly calls it 2257-1, but it is 2258-1.
60c5310993e97c19c5cdcdcf134c44109b643441cbeea79d62de1831cea396a1
Red Hat Security Advisory 2011-0859 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use this flaw to inject protocol commands into a victim's TLS session initialization messages. This could lead to those commands being processed by cyrus-imapd, potentially allowing the attacker to steal the victim's mail or authentication credentials. Various other issues were also addressed.
fbb933d7dd8db52517f73e6b2c79ea7e31a4f26aac03bbafbaa902ec4db8b03e
Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.
9584997febad95cd2d8b0e720d1fa39deb130b51696db56b3b3a2ada95d5f395
Zero Day Initiative Advisory 11-171 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase OneBridge Mobile Data Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iMailGatewayService server process (ECTrace.dll) which listens for encrypted requests by default on TCP port 993 (IMAP) and port 587 (SMTP). The process fails to properly sanitize malformed user string inputs before passing to the authentication logging function. By providing a specially crafted string with format specifiers this can be leveraged to trigger a format string vulnerability which can lead to arbitrary code execution in the context of the server process.
a410ba0444ff1d0c5ccea3857849e0c17ef6827ca9dd2863653955ceeb92998f
Debian Linux Security Advisory 2242-1 - It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.
f37324dcc067286882e574ec8915f95149ac06b8464188d28a9c6684f2be52e4
Mandriva Linux Security Advisory 2011-100 - The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a plaintext command injection attack, a similar issue to CVE-2011-0411.
dcd2c353c81c889d6b3ed40ee816336b07c372c37a756dfb0601d4a306195143