CVE-2012-3523

NameCVE-2012-3523
DescriptionThe STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs685581

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
inn (PTS)bullseye1:1.7.2q-46fixed
bookworm1:1.7.2q-47fixed
forky, sid, trixie1:1.7.2q-52fixed
inn2 (PTS)bullseye2.6.4-2fixed
bookworm2.7.1-1+deb12u1fixed
trixie2.7.3-1fixed
forky, sid2.7.4~20250809-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
innsource(unstable)(not affected)
inn2source(unstable)2.5.3-1low685581

Notes

- inn <not-affected> (STARTTLS was introduced in 2.3, see bug #685581)
[squeeze] - inn2 <no-dsa> (Minor issue)
Search for package or bug name: Reporting problems