CVE-2012-3523
Published Nov 11, 2012
Last updated 12 years ago
Overview
- Description: The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
- Source: secalert@redhat.com
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 6.8
- Impact score: 6.4
- Exploitability score: 8.6
- Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:isc:inn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81DB051D-BFB7-4D5C-8B81-FD020B858606", "versionEndIncluding": "2.5.2" },
          { "criteria": "cpe:2.3:a:isc:inn:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFA721E1-1ED5-4855-9305-5BF6EAE84A8F" },
          { "criteria": "cpe:2.3:a:isc:inn:1.4sec:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5D0063D-01CE-49E2-A19A-FA861F3C40CB" },
          { "criteria": "cpe:2.3:a:isc:inn:1.4sec2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "967E86C5-3635-49FF-A98A-C9B2BC85A812" },
          { "criteria": "cpe:2.3:a:isc:inn:1.4unoff3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14DBB010-4064-4B46-834C-6FD5F1FE78FE" },
          { "criteria": "cpe:2.3:a:isc:inn:1.4unoff4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEE0D317-4F02-4896-95FC-20B64EB3A91F" },
          { "criteria": "cpe:2.3:a:isc:inn:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9915A668-8E8C-4EC8-A72A-6937EC7D3496" },
          { "criteria": "cpe:2.3:a:isc:inn:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5658CF74-5AF1-4161-BF4C-6A394F2AA164" },
          { "criteria": "cpe:2.3:a:isc:inn:1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62017AA2-B4DB-44AA-806C-6CFEC839E297" },
          { "criteria": "cpe:2.3:a:isc:inn:1.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4F9A712-AF96-4A04-B547-F29094ACFE9B" },
          { "criteria": "cpe:2.3:a:isc:inn:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2480B45-A626-49F5-A48B-BA6DFAA4411B" },
          { "criteria": "cpe:2.3:a:isc:inn:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21969A37-9F10-4D70-AC73-F3DB4D169AEB" },
          { "criteria": "cpe:2.3:a:isc:inn:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94FD2948-EF52-464B-A605-DA3806037762" },
          { "criteria": "cpe:2.3:a:isc:inn:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CC41E6D-B892-4888-8AEE-12287935F570" },
          { "criteria": "cpe:2.3:a:isc:inn:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DED2B74-71B6-467C-8B07-F6F728AD7BF4" },
          { "criteria": "cpe:2.3:a:isc:inn:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "862E58CF-7194-421D-9E7D-60DB8AA1F9CB" },
          { "criteria": "cpe:2.3:a:isc:inn:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F861584-D429-4E41-9003-97753BA64228" }
        ],
        "operator": "OR"
      }
    ]
  }
]