CVE-2012-3523

CWE-2648 documents7 sources

Severity

6.8MEDIUM

EPSS

18.8%

top 4.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC INN

Timeline

PublishedNov 11

Latest updateMay 17

Description

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debianinn2< 2.5.3-1+3

▶NVDisc/inn2.5.2+16

🔴Vulnerability Details

GHSA

GHSA-g67q-3725-x6h7: The STARTTLS implementation in nnrpd in INN before 2↗2022-05-17

▶

CVEList

CVE-2012-3523: The STARTTLS implementation in nnrpd in INN before 2↗2012-11-11

▶

OSV

CVE-2012-3523: The STARTTLS implementation in nnrpd in INN before 2↗2012-11-11

▶

📋Vendor Advisories

Red Hat

(nnrpd): Prone to STARTTLS plaintext command injection↗2012-06-15

▶

Debian

CVE-2012-3523: inn - The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restr...↗2012

▶

💬Community

Bugzilla

CVE-2012-3523 inn (nnrpd): Prone to STARTTLS plaintext command injection [fedora-all]↗2012-08-21

▶

Bugzilla

CVE-2012-3523 inn (nnrpd): Prone to STARTTLS plaintext command injection↗2012-08-21

▶