Vulnerability CVE-2012-3523

Vulnerability Name:

CVE-2012-3523 (CCN-77919)

Assigned:

2012-08-22

Published:

2012-08-22

Updated:

2013-02-22

Summary:

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2012-3523

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:1171

Source: CCN
Type: SA50320
InterNetNews nnrpd "STARTTLS" Plaintext Injection Vulnerability

Source: SECUNIA
Type: UNKNOWN
50661

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2012:156

Source: CCN
Type: BID-55146
InterNetNews 'STARTTLS' Implementation Plaintext Arbitrary Command Injection Vulnerability

Source: XF
Type: UNKNOWN
inn-starttls-command-exec(77919)

Source: CCN
Type: Internet Systems Consortium Web site
ISC is pleased to announce that a new bug-fix release of INN is available, INN 2.5.3

Vulnerable Configuration:

Configuration 1:

cpe:/a:isc:inn:1.4:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:1.4sec:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:1.4sec2:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:1.4unoff3:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:1.4unoff4:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:1.5:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:1.7:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:1.7.2:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:2.0:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:2.1:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:2.2:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:isc:inn:*:*:*:*:*:*:*:* (Version <= 2.5.2)

Configuration CCN 1:

cpe:/a:isc:inn:2.5.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20123523	V	CVE-2012-3523	2022-05-20
oval:org.opensuse.security:def:33791	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:33110	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:29492	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:26187	P	Security update for libvpx (Moderate)	2021-12-23
oval:org.opensuse.security:def:33062	P	Security update for gettext-runtime (Moderate)	2021-12-14
oval:org.opensuse.security:def:33063	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:26176	P	Security update for speex (Moderate)	2021-12-01
oval:org.opensuse.security:def:26175	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:33742	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:34576	P	Security update for qemu (Important)	2021-10-26
oval:org.opensuse.security:def:34536	P	Security update for mariadb (Moderate)	2021-09-09
oval:org.opensuse.security:def:29407	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:32965	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:33685	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:33898	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:29350	P	Security update for qemu (Important)	2021-04-22
oval:org.opensuse.security:def:33074	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:33071	P	Security update for python (Important)	2021-02-11
oval:org.opensuse.security:def:33022	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:28925	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:28348	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27624	P	Security update for inn	2020-12-01
oval:org.opensuse.security:def:28773	P	Security update for libvdpau (Moderate)	2020-12-01
oval:org.opensuse.security:def:33177	P	librpcsecgss on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33383	P	Security update for compat-openssl097g (Important)	2020-12-01
oval:org.opensuse.security:def:29084	P	Security update for dnsmasq (Important)	2020-12-01
oval:org.opensuse.security:def:29264	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26251	P	Security update for zziplib (Moderate)	2020-12-01
oval:org.opensuse.security:def:29699	P	Security update for fetchmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:32347	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26752	P	libmusicbrainz4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30487	P	Security update for curl	2020-12-01
oval:org.opensuse.security:def:28336	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32722	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26951	P	libgnomesu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28632	P	Security update for a2ps	2020-12-01
oval:org.opensuse.security:def:33153	P	libgnomesu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29028	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:29064	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:29802	P	Security update for inn	2020-12-01
oval:org.opensuse.security:def:26517	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29805	P	Security update for ipsec-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:32571	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26893	P	fetchmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28416	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:33815	P	Security update for glib2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29052	P	Security update for bind (Critical)	2020-12-01
oval:org.opensuse.security:def:33440	P	Security update for Evolution	2020-12-01
oval:org.opensuse.security:def:29128	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:33830	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:26379	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:29748	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32358	P	Security update for squidGuard (Moderate)	2020-12-01
oval:org.opensuse.security:def:26805	P	perl-Tk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30524	P	Security update for inn	2020-12-01
oval:org.opensuse.security:def:28337	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:32809	P	xorg-x11-Xvnc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27589	P	xorg-x11-libxcb-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28689	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:33133	P	ldapsmb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33288	P	xalan-j2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29067	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:29133	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29645	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:32346	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26601	P	libsamplerate on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29849	P	Security update for Linux kernel	2020-12-01
oval:org.opensuse.security:def:32665	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26907	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28547	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:28979	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:29053	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:33528	P	Security update for wget	2020-12-01
oval:org.opensuse.security:def:29766	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:33854	P	Security update for inn	2020-12-01
oval:org.opensuse.security:def:26460	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:29787	P	Security update for graphviz (Low)	2020-12-01
oval:org.opensuse.security:def:32436	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26854	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:com.ubuntu.cosmic:def:201235230000000	V	CVE-2012-3523 on Ubuntu 18.10 (cosmic) - low.	2012-11-11
oval:com.ubuntu.artful:def:20123523000	V	CVE-2012-3523 on Ubuntu 17.10 (artful) - low.	2012-11-11
oval:com.ubuntu.trusty:def:20123523000	V	CVE-2012-3523 on Ubuntu 14.04 LTS (trusty) - low.	2012-11-11
oval:com.ubuntu.bionic:def:201235230000000	V	CVE-2012-3523 on Ubuntu 18.04 LTS (bionic) - low.	2012-11-11
oval:com.ubuntu.bionic:def:20123523000	V	CVE-2012-3523 on Ubuntu 18.04 LTS (bionic) - low.	2012-11-11
oval:com.ubuntu.xenial:def:20123523000	V	CVE-2012-3523 on Ubuntu 16.04 LTS (xenial) - low.	2012-11-11
oval:com.ubuntu.xenial:def:201235230000000	V	CVE-2012-3523 on Ubuntu 16.04 LTS (xenial) - low.	2012-11-11
oval:com.ubuntu.cosmic:def:20123523000	V	CVE-2012-3523 on Ubuntu 18.10 (cosmic) - low.	2012-11-11
oval:com.ubuntu.precise:def:20123523000	V	CVE-2012-3523 on Ubuntu 12.04 LTS (precise) - low.	2012-11-11

BACK