Candidate: CVE-2012-3523
PublicDate: 2012-11-11 13:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3523
 http://seclists.org/oss-sec/2012/q3/266
 https://www.isc.org/software/inn/2.5.3article
Description:
 The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly
 restrict I/O buffering, which allows man-in-the-middle attackers to insert
 commands into encrypted sessions by sending a cleartext command that is
 processed after TLS is in place, related to a "plaintext command injection"
 attack, a similar issue to CVE-2011-0411.
Ubuntu-Description:
Notes:
 sbeattie> diff -Nurp inn-2.5.2/nnrpd/misc.c inn-2.5.3/nnrpd/misc.c and
  diff -Nurp inn-2.5.2/nnrpd/sasl.c inn-2.5.3/nnrpd/sasl.c to get the
  relevant portion of the fix.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685581
 https://bugzilla.redhat.com/show_bug.cgi?id=850478
 https://bugs.launchpad.net/bugs/1039881
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_inn:
upstream_inn: not-affected (code not present)
hardy_inn: ignored (reached end-of-life)
lucid_inn: ignored (reached end-of-life)
natty_inn: ignored (reached end-of-life)
oneiric_inn: ignored (reached end-of-life)
precise_inn: ignored (reached end-of-life)
precise/esm_inn: DNE (precise was needs-triage)
quantal_inn: ignored (reached end-of-life)
raring_inn: ignored (reached end-of-life)
saucy_inn: ignored (reached end-of-life)
trusty_inn: not-affected (code not present)
trusty/esm_inn: DNE (trusty was not-affected [code not present])
utopic_inn: ignored (reached end-of-life)
vivid_inn: ignored (reached end-of-life)
vivid/stable-phone-overlay_inn: DNE
vivid/ubuntu-core_inn: DNE
wily_inn: ignored (reached end-of-life)
xenial_inn: not-affected (code not present)
yakkety_inn: ignored (reached end-of-life)
zesty_inn: ignored (reached end-of-life)
artful_inn: ignored (reached end-of-life)
bionic_inn: not-affected (code not present)
cosmic_inn: not-affected (code not present)
devel_inn: not-affected (code not present)

Patches_inn2:
 upstream: ftp://ftp.isc.org/isc/inn/inn-2.5.2-2.5.3.diff.gz
upstream_inn2: released (2.5.3-1)
hardy_inn2: ignored (reached end-of-life)
lucid_inn2: ignored (reached end-of-life)
natty_inn2: ignored (reached end-of-life)
oneiric_inn2: ignored (reached end-of-life)
precise_inn2: ignored (reached end-of-life)
precise/esm_inn2: DNE (precise was needed)
quantal_inn2: not-affected (2.5.3-1)
raring_inn2: not-affected (2.5.3-1)
saucy_inn2: not-affected (2.5.3-1)
trusty_inn2: not-affected (2.5.3-1)
trusty/esm_inn2: DNE (trusty was not-affected [2.5.3-1])
utopic_inn2: not-affected (2.5.3-1)
vivid_inn2: not-affected (2.5.3-1)
vivid/stable-phone-overlay_inn2: DNE
vivid/ubuntu-core_inn2: DNE
wily_inn2: not-affected (2.5.3-1)
xenial_inn2: not-affected (2.5.3-1)
yakkety_inn2: not-affected (2.5.3-1)
zesty_inn2: not-affected (2.5.3-1)
artful_inn2: not-affected (2.5.3-1)
bionic_inn2: not-affected (2.5.3-1)
cosmic_inn2: not-affected (2.5.3-1)
devel_inn2: not-affected (2.5.3-1)