CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a plaintext command injection attack, a similar issue to CVE-2011-0411.

Affected Software

Name	Vendor	Start Version	End Version
Inn	Isc	*	2.5.2 (including)
Inn	Isc	1.4 (including)	1.4 (including)
Inn	Isc	1.4sec (including)	1.4sec (including)
Inn	Isc	1.4sec2 (including)	1.4sec2 (including)
Inn	Isc	1.4unoff3 (including)	1.4unoff3 (including)
Inn	Isc	1.4unoff4 (including)	1.4unoff4 (including)
Inn	Isc	1.5 (including)	1.5 (including)
Inn	Isc	1.5.1 (including)	1.5.1 (including)
Inn	Isc	1.7 (including)	1.7 (including)
Inn	Isc	1.7.2 (including)	1.7.2 (including)
Inn	Isc	2.0 (including)	2.0 (including)
Inn	Isc	2.1 (including)	2.1 (including)
Inn	Isc	2.2 (including)	2.2 (including)
Inn	Isc	2.2.1 (including)	2.2.1 (including)
Inn	Isc	2.2.2 (including)	2.2.2 (including)
Inn	Isc	2.2.3 (including)	2.2.3 (including)
Inn	Isc	2.4.0 (including)	2.4.0 (including)
Inn	Ubuntu	artful	*
Inn	Ubuntu	hardy	*
Inn	Ubuntu	lucid	*
Inn	Ubuntu	natty	*
Inn	Ubuntu	oneiric	*
Inn	Ubuntu	precise	*
Inn	Ubuntu	quantal	*
Inn	Ubuntu	raring	*
Inn	Ubuntu	saucy	*
Inn	Ubuntu	utopic	*
Inn	Ubuntu	vivid	*
Inn	Ubuntu	wily	*
Inn	Ubuntu	yakkety	*
Inn	Ubuntu	zesty	*
Inn2	Ubuntu	hardy	*
Inn2	Ubuntu	lucid	*
Inn2	Ubuntu	natty	*
Inn2	Ubuntu	oneiric	*
Inn2	Ubuntu	precise	*
Inn2	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-3523
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References