The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a plaintext command injection attack, a similar issue to CVE-2011-0411.
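
The buffering flaw described above, as an added example: a simplified C model of a line-based command loop, not code from INN or nnrpd. The `conn` struct, `next_line`, `cleartext_cmds_run_as_tls` and the sample input are hypothetical names and constructed data; the TLS handshake itself is omitted. It shows that bytes left in the read buffer when STARTTLS is parsed are later treated as encrypted-session input unless the buffer is discarded first.

```c
#include <stdio.h>
#include <string.h>

/* Bytes already read from the socket in cleartext but not yet parsed. */
struct conn { char buf[256]; size_t len; int tls_active; };

/* Pop one CRLF-terminated line from the pending buffer; 1 if a line was found. */
static int next_line(struct conn *c, char *out, size_t outsz) {
    for (size_t i = 0; i + 1 < c->len; i++) {
        if (c->buf[i] != '\r' || c->buf[i + 1] != '\n') continue;
        size_t n = i < outsz - 1 ? i : outsz - 1;
        memcpy(out, c->buf, n);
        out[n] = '\0';
        memmove(c->buf, c->buf + i + 2, c->len - (i + 2));
        c->len -= i + 2;
        return 1;
    }
    return 0;
}

/* Feed one cleartext read (wire) to the command loop. Returns the number of
 * commands that arrived before the handshake yet ran with TLS marked active,
 * or -1 if the constructed input does not fit the buffer. */
int cleartext_cmds_run_as_tls(const char *wire, int flush_on_starttls) {
    struct conn c = { .len = strlen(wire), .tls_active = 0 };
    char line[128];
    int injected = 0;
    if (c.len > sizeof c.buf) return -1;
    memcpy(c.buf, wire, c.len);
    while (next_line(&c, line, sizeof line)) {
        if (c.tls_active) { injected++; continue; }  /* trusted as "encrypted" */
        if (strcmp(line, "STARTTLS") == 0) {          /* exact match, for brevity */
            if (flush_on_starttls) c.len = 0;  /* discard pre-handshake leftovers */
            c.tls_active = 1;                  /* real handshake omitted in this model */
        }
    }
    return injected;
}

int main(void) {
    /* Constructed input: STARTTLS and a trailing command in one cleartext read. */
    const char *wire = "STARTTLS\r\nGROUP example.test\r\n";
    printf("unflushed buffer: %d\n", cleartext_cmds_run_as_tls(wire, 0));
    printf("flushed buffer:   %d\n", cleartext_cmds_run_as_tls(wire, 1));
    return 0;
}
```

A server-side regression test for this class of bug can assert the same property: nothing received before the handshake completes is ever dispatched once the session is marked as TLS-protected.
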
Name | Vendor | Start Version | End Version |
---|---|---|---|
Inn | Isc | * | 2.5.2 (including) |
Inn | Isc | 1.4 (including) | 1.4 (including) |
Inn | Isc | 1.4sec (including) | 1.4sec (including) |
Inn | Isc | 1.4sec2 (including) | 1.4sec2 (including) |
Inn | Isc | 1.4unoff3 (including) | 1.4unoff3 (including) |
Inn | Isc | 1.4unoff4 (including) | 1.4unoff4 (including) |
Inn | Isc | 1.5 (including) | 1.5 (including) |
Inn | Isc | 1.5.1 (including) | 1.5.1 (including) |
Inn | Isc | 1.7 (including) | 1.7 (including) |
Inn | Isc | 1.7.2 (including) | 1.7.2 (including) |
Inn | Isc | 2.0 (including) | 2.0 (including) |
Inn | Isc | 2.1 (including) | 2.1 (including) |
Inn | Isc | 2.2 (including) | 2.2 (including) |
Inn | Isc | 2.2.1 (including) | 2.2.1 (including) |
Inn | Isc | 2.2.2 (including) | 2.2.2 (including) |
Inn | Isc | 2.2.3 (including) | 2.2.3 (including) |
Inn | Isc | 2.4.0 (including) | 2.4.0 (including) |
Inn | Ubuntu | artful | * |
Inn | Ubuntu | hardy | * |
Inn | Ubuntu | lucid | * |
Inn | Ubuntu | natty | * |
Inn | Ubuntu | oneiric | * |
Inn | Ubuntu | precise | * |
Inn | Ubuntu | quantal | * |
Inn | Ubuntu | raring | * |
Inn | Ubuntu | saucy | * |
Inn | Ubuntu | utopic | * |
Inn | Ubuntu | vivid | * |
Inn | Ubuntu | wily | * |
Inn | Ubuntu | yakkety | * |
Inn | Ubuntu | zesty | * |
Inn2 | Ubuntu | hardy | * |
Inn2 | Ubuntu | lucid | * |
Inn2 | Ubuntu | natty | * |
Inn2 | Ubuntu | oneiric | * |
Inn2 | Ubuntu | precise | * |
Inn2 | Ubuntu | upstream | * |