Package: inn Version: 1.7.2q-41 Severity: grave >From oss-security mailing list:
the STARTTLS implementation in INN's NNTP server for readers, nnrpd, before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. References: [1] https://www.isc.org/software/inn/2.5.3article [2] https://bugs.gentoo.org/show_bug.cgi?id=432002 [3] https://bugzilla.redhat.com/show_bug.cgi?id=850478 Relevant upstream patch (the 'diff -Nurp inn-2.5.2/nnrpd/misc.c inn-2.5.3/nnrpd/misc.c' part): [4] ftp://ftp.isc.org/isc/inn/inn-2.5.2-2.5.3.diff.gz http://www.openwall.com/lists/oss-security/2012/08/21/8 http://www.openwall.com/lists/oss-security/2012/08/21/12 - Henri Salo -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
