Vulnerability in ISC INN

CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after T…

EPSS: 0.032 (86.6th percentile)

Affected products

  • ISC INN — versions 1.4, 1.4sec, 1.4sec2
