Your message dated Thu, 21 Feb 2013 22:09:42 +0200
with message-id <[email protected]>
and subject line closing
has caused the Debian Bug report #685581,
regarding inn: CVE-2012-3523 prone to STARTTLS plaintext command injection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
685581: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685581
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: inn
Version: 1.7.2q-41
Severity: grave

>From oss-security mailing list:

the STARTTLS implementation in INN's NNTP server for readers,
nnrpd, before 2.5.3 does not properly restrict I/O buffering,
which allows man-in-the-middle attackers to insert commands
into encrypted sessions by sending a cleartext command that
is processed after TLS is in place, related to a "plaintext
command injection" attack, a similar issue to CVE-2011-0411.

References:
[1] https://www.isc.org/software/inn/2.5.3article
[2] https://bugs.gentoo.org/show_bug.cgi?id=432002
[3] https://bugzilla.redhat.com/show_bug.cgi?id=850478

Relevant upstream patch
(the 'diff -Nurp inn-2.5.2/nnrpd/misc.c inn-2.5.3/nnrpd/misc.c' part):
[4] ftp://ftp.isc.org/isc/inn/inn-2.5.2-2.5.3.diff.gz

http://www.openwall.com/lists/oss-security/2012/08/21/8
http://www.openwall.com/lists/oss-security/2012/08/21/12

- Henri Salo

--- End Message ---
--- Begin Message ---
Closing as non-important issue. Please contact me in case you need this package
backported to squeeze.

--
Henri Salo

--- End Message ---

Reply via email to