CVE-2012-3523
EUVD-2012-347811.11.2012, 13:00
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| isc | inn | 𝑥 ≤ 2.5.2 |
| isc | inn | 1.4 |
| isc | inn | 1.4sec:sec |
| isc | inn | 1.4sec2:sec2 |
| isc | inn | 1.4unoff3:unoff3 |
| isc | inn | 1.4unoff4:unoff4 |
| isc | inn | 1.5 |
| isc | inn | 1.5.1 |
| isc | inn | 1.7 |
| isc | inn | 1.7.2 |
| isc | inn | 2.0 |
| isc | inn | 2.1 |
| isc | inn | 2.2 |
| isc | inn | 2.2.1 |
| isc | inn | 2.2.2 |
| isc | inn | 2.2.3 |
| isc | inn | 2.4.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| inn |
| ||||||||||||||||||||||||||||||||||||
| inn2 |
|
Common Weakness Enumeration
References