Bug 432002 - <net-nntp/inn-2.5.3 - plaintext command injection during the negotiation of a TLS layer (CVE-2012-3523)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://www.isc.org/software/inn/2.5....
Whiteboard: B3 [glsa]
Keywords:
Depends on: 432256
Blocks:
Reported: 2012-08-20 01:07 UTC by Jeroen Roovers (RETIRED)
Modified: 2014-01-21 20:49 UTC
Description Jeroen Roovers (RETIRED) gentoo-dev 2012-08-20 01:07:24 UTC
* Fixed a possible plaintext command injection during the negotiation of
    a TLS layer.  The vulnerability detailed in CVE-2011-0411 affects the
    STARTTLS and AUTHINFO SASL commands.  nnrpd now resets its read buffer
    upon a successful negotiation of a TLS layer.  It prevents malicious
    commands, sent unencrypted, from being executed in the new encrypted
    state of the session.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2012-08-20 01:43:16 UTC
Arch teams, please test and mark stable:
=net-nntp/inn-2.5.3
Stable KEYWORDS : amd64 ppc x86
Comment 2 Agostino Sarubbo gentoo-dev 2012-08-22 13:29:26 UTC
amd64 stable
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-08-30 08:43:11 UTC
x86 stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2012-10-03 05:05:57 UTC
ping
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2012-10-27 17:14:16 UTC
ppc64?
Comment 6 Brent Baude (RETIRED) gentoo-dev 2012-11-20 20:53:39 UTC
ppc done
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-11-20 21:10:27 UTC
CVE-2012-3523 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3523):
  The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly
  restrict I/O buffering, which allows man-in-the-middle attackers to insert
  commands into encrypted sessions by sending a cleartext command that is
  processed after TLS is in place, related to a "plaintext command injection"
  attack, a similar issue to CVE-2011-0411.
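
The buffering flaw and the fix described in the release note and the CVE entry above, as an added example that is not part of the original bug report and is not INN's code: a simplified C model in which one cleartext segment carries `STARTTLS` followed by a second pipelined command. The `session` struct, the function names and the sample input are assumptions; the TLS handshake is assumed to succeed.

```c
#include <stdio.h>
#include <string.h>

/* Model of a line-oriented server session; all names are hypothetical. */
struct session {
    char buf[256];  /* read buffer: everything one recv() returned */
    int  tls;       /* 1 once the TLS layer is active */
};

/* Pop one CRLF-terminated line from the buffer; 0 if none is complete. */
static int next_line(struct session *s, char *out, size_t outsz)
{
    char *eol = strstr(s->buf, "\r\n");
    if (eol == NULL)
        return 0;
    snprintf(out, outsz, "%.*s", (int)(eol - s->buf), s->buf);
    memmove(s->buf, eol + 2, strlen(eol + 2) + 1);
    return 1;
}

/* Feed one cleartext segment; return how many commands from it are
 * executed after the session has switched to TLS. */
int run_session(const char *wire, int reset_on_tls)
{
    struct session s = { .buf = "", .tls = 0 };
    char line[128];
    int injected = 0;

    snprintf(s.buf, sizeof s.buf, "%s", wire);  /* one recv(), pre-TLS */
    while (next_line(&s, line, sizeof line)) {
        if (!s.tls && strcmp(line, "STARTTLS") == 0) {
            s.tls = 1;              /* handshake assumed to succeed */
            if (reset_on_tls)
                s.buf[0] = '\0';    /* the fix: discard pre-TLS leftovers */
        } else if (s.tls) {
            injected++;             /* cleartext bytes run in the TLS state */
        }
    }
    return injected;
}

int main(void)
{
    /* Constructed input: two commands pipelined in one cleartext segment. */
    const char *wire = "STARTTLS\r\nGROUP example.test\r\n";
    printf("no reset: %d, reset: %d\n",
           run_session(wire, 0), run_session(wire, 1));
    return 0;
}
```

Without the reset, the command that arrived before the handshake is counted as executed in the TLS state; with the reset, nothing buffered in cleartext survives the switch.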
Comment 8 Sean Amoss (RETIRED) gentoo-dev Security 2012-11-20 21:11:55 UTC
Thanks, everyone. 

GLSA vote: yes.
Comment 9 Stefan Behte (RETIRED) gentoo-dev Security 2012-12-16 21:56:32 UTC
Yes, created GLSA request.
Comment 10 Michael Palimaka (kensington) gentoo-dev 2013-04-08 13:33:19 UTC
Nothing else to do for net-news here.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2014-01-21 20:49:30 UTC
This issue was resolved and addressed in
 GLSA 201401-24 at http://security.gentoo.org/glsa/glsa-201401-24.xml
by GLSA coordinator Chris Reffett (creffett).