CVE-2012-3523

NameCVE-2012-3523
DescriptionThe STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs685581

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
inn (PTS)buster, bullseye1:1.7.2q-46fixed
bookworm1:1.7.2q-47fixed
trixie1:1.7.2q-49fixed
sid1:1.7.2q-50fixed
inn2 (PTS)buster2.6.3-1+deb10u2fixed
bullseye2.6.4-2fixed
bookworm2.7.1-1+deb12u1fixed
sid, trixie2.7.2~20240212-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
innsource(unstable)(not affected)
inn2source(unstable)2.5.3-1low685581

Notes

- inn <not-affected> (STARTTLS was introduced in 2.3, see bug #685581)
[squeeze] - inn2 <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems