CVE-2012-3523 | P3 | LOW | CVSS 6.8 | fixed in inn2 2.5.3-1 (bookworm) | 2012
CVE-2012-3523 [MEDIUM] CVE-2012-3523: inn - The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restr...
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Scope: local
bookworm: resolved
debian
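The buffering flaw described above, as an added example that is not INN's code: a simplified model of a server input buffer in which bytes received before the TLS switch are either left in place or discarded. The `reader` struct, the function names and the sample input are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical buffered reader standing in for a server's input layer. */
struct reader {
    char   buf[256];
    size_t len, pos;   /* bytes buffered, next unread byte */
    int    tls;        /* 1 once the TLS layer is active */
};

/* Copy the next CRLF-terminated line into out; return 1 if one was buffered. */
static int next_line(struct reader *r, char *out, size_t outsz) {
    for (size_t i = r->pos; i + 1 < r->len; i++) {
        if (r->buf[i] != '\r' || r->buf[i + 1] != '\n') continue;
        size_t n = i - r->pos;
        if (n >= outsz) n = outsz - 1;
        memcpy(out, r->buf + r->pos, n);
        out[n] = '\0';
        r->pos = i + 2;
        return 1;
    }
    return 0;
}

/* Count commands that arrived in cleartext but were executed after the
 * switch to TLS. flush_on_starttls = 1 selects the hardened behaviour. */
int cleartext_cmds_run_under_tls(const char *wire, int flush_on_starttls) {
    struct reader r = {0};
    char line[128];
    int leaked = 0;

    r.len = strlen(wire) < sizeof r.buf ? strlen(wire) : sizeof r.buf;
    memcpy(r.buf, wire, r.len);      /* a single read() delivered all of it */
    while (next_line(&r, line, sizeof line)) {
        if (r.tls) { leaked++; continue; }  /* treated as if it came over TLS */
        if (strcmp(line, "STARTTLS") == 0) {
            r.tls = 1;               /* the TLS handshake would run here */
            if (flush_on_starttls)
                r.pos = r.len = 0;   /* drop everything buffered before TLS */
        }
    }
    return leaked;
}

int main(void) {
    const char *wire = "STARTTLS\r\nHELP\r\n";   /* constructed sample input */
    printf("no flush: %d, flush: %d\n", cleartext_cmds_run_under_tls(wire, 0),
           cleartext_cmds_run_under_tls(wire, 1));
    return 0;
}
```

A regression test for a STARTTLS-capable service can use the same idea: anything still sitting in the cleartext buffer when the handshake begins must never reach the command parser.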