Published: 11/11/2012 Updated: 22/02/2013

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The STARTTLS implementation in nnrpd in INN prior to 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle malicious users to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Vulnerable Product	Search on Vulmon	Subscribe to Product
isc inn 1.4sec
isc inn 1.5.1
isc inn 2.0
isc inn 2.2.3
isc inn 1.7
isc inn 1.4unoff4
isc inn 2.4.0
isc inn 2.2.1
isc inn 1.4sec2
isc inn 1.4unoff3
isc inn 1.4
isc inn 2.2
isc inn 1.7.2
isc inn
isc inn 1.5
isc inn 2.1
isc inn 2.2.2

Debian Bug report logs - #685581 inn: CVE-2012-3523 prone to STARTTLS plaintext command injection Package: inn2; Maintainer for inn2 is Marco d'Itri <md@linuxit>; Source for inn2 is src:inn2 (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Wed, 22 Aug 2012 05:39:02 UTC Severity: grave Fixed in ...

CWE-264 http://www.mandriva.com/security/advisories?name=MDVSA-2012:156 http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html http://secunia.com/advisories/50661 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685581 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-3523

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect