Solution
Please install the updated packages.
Insight
A security issue was identified and fixed in ISC INN:
The STARTTLS implementation in INN's NNTP server for readers, nnrpd, before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a plaintext command injection attack, a similar issue to CVE-2011-0411 (CVE-2012-3523).
The updated packages have been upgraded to inn 2.5.3 which is not vulnerable to this issue.
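The buffering flaw described above, as an added example that is not INN's code or its patch: a simulated line-oriented server session in which bytes read before the handshake are either kept (the flawed behaviour) or discarded at the STARTTLS upgrade (a common mitigation for this bug class, assumed here). The `Session` class, the `discard_on_starttls` switch and the sample commands are constructed for illustration.

```python
# Constructed simulation: no sockets, no real TLS, no INN code.
class Session:
    def __init__(self, discard_on_starttls):
        self.discard_on_starttls = discard_on_starttls
        self.buf = b""              # bytes read but not yet parsed
        self.cleartext_pending = 0  # bytes in buf that arrived before TLS
        self.tls = False            # True once the simulated handshake is done
        self.executed = []          # (command, tls_active, arrived_in_cleartext)
        self.discarded = b""        # plaintext thrown away at the upgrade

    def receive(self, data):
        """Simulate one read() from the connection, then parse full lines."""
        if not self.tls:
            self.cleartext_pending += len(data)
        self.buf += data
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            from_clear = self.cleartext_pending > 0
            self.cleartext_pending = max(0, self.cleartext_pending - len(line) - 2)
            self.executed.append((line.decode(), self.tls, from_clear))
            if line.upper() == b"STARTTLS" and not self.tls:
                if self.discard_on_starttls:
                    # Hardened: nothing read before the handshake survives it.
                    self.discarded, self.buf = self.buf, b""
                    self.cleartext_pending = 0
                self.tls = True


def injected_commands(session):
    """Commands that arrived in cleartext but ran with TLS already active."""
    return [c for c, tls_active, from_clear in session.executed
            if tls_active and from_clear]


def run(discard_on_starttls):
    s = Session(discard_on_starttls)
    # One cleartext segment carrying STARTTLS plus a trailing command (constructed).
    s.receive(b"STARTTLS\r\nGROUP injected.example\r\n")
    # A genuine command from the client, sent inside the TLS session.
    s.receive(b"LIST\r\n")
    return s


if __name__ == "__main__":
    for discard in (False, True):
        s = run(discard)
        print("discard" if discard else "keep   ", injected_commands(s), s.discarded)
```

A non-empty result from `injected_commands` is the condition a regression test for a STARTTLS-capable server should fail on.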
Affected
inn on Mandriva Linux 2011.0
Severity
Classification
CVE: CVE-2011-0411, CVE-2012-3523
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities