1063 matches found

securityvulns
added 2012/11/18 12:0 a.m., 131 views

Microsoft Internet Information Services security vulnerabilities

log files information leakage, FTP STARTTLS session command injection...

CVSS 5, AI score 1.4, EPSS 0.41968
Exploits 2, Affected Software 1

OSV
added 2012/11/11 1:0 p.m., 10 views

CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

AI score 6.6
Exploits 0, References 3

OSV
added 2012/11/11 1:0 p.m., 1 views

DEBIAN-CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

CVSS 6.8, AI score 9.1, EPSS 0.03233
Exploits 0, References 1

NVD
added 2012/11/11 1:0 p.m., 18 views

CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

CVSS 6.8, AI score 6.5, EPSS 0.03233
Exploits 0, References 3

UbuntuCve
added 2012/11/11 1:0 p.m., 28 views

CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

CVSS 6.8, AI score 5.9, EPSS 0.03233
Exploits 0, References 3

Prion
added 2012/11/11 1:0 p.m., 23 views

Command injection

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

CVSS 6.8, AI score 6.7, EPSS 0.16334
Exploits 1, References 3, Affected Software 1

CVE
added 2012/11/11 11:0 a.m., 72 views

CVE-2012-3523

CVE-2012-3523 affects nnrpd (INN) prior to 2.5.3, where STARTTLS does not properly restrict I/O buffering. This enables MITM attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is established (plaintext command injection), related to CVE...

CVSS 6.8, AI score 6.8, EPSS 0.03233
Exploits 0, References 3, Affected Software 1

Cvelist
added 2012/11/11 11:0 a.m., 26 views

CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

AI score 8.9, EPSS 0.03233
Exploits 0, References 3

Debian CVE
added 2012/11/11 11:0 a.m., 31 views

CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

CVSS 6.8, AI score 9.7, EPSS 0.03233
Exploits 0

securityvulns
added 2012/10/04 12:0 a.m., 60 views

[ MDVSA-2012:156 ] inn

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:156 http://www.mandriva.com/security/ Package : inn Date : October 2, 2012 Affected: 2011. Problem Description: A security issue was identified and fixed in ISC INN: The STARTTLS implementation in INNs NNTP...

CVSS 6.8, AI score 8.8, EPSS 0.16334
Exploits 1

securityvulns
added 2012/10/04 12:0 a.m., 53 views

STARTTLS vulnerability in different mail applications

Attacker can inject cleartext commands before TLS phase...

CVSS 6.8, AI score 2.7, EPSS 0.33341
Exploits 1, References 3, Affected Software 4

OpenVAS
added 2012/10/03 12:0 a.m., 27 views

Mandriva Update for inn MDVSA-2012:156 (inn)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 6.8, AI score 8.5, EPSS 0.16334
Exploits 1, References 2

Tenable Nessus
added 2012/10/03 12:0 a.m., 44 views

Mandriva Linux Security Advisory : inn (MDVSA-2012:156)

A security issue was identified and fixed in ISC INN : The STARTTLS implementation in INN's NNTP server for readers, nnrpd, before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command tha...

CVSS 6.8, AI score 8.2, EPSS 0.03233
Exploits 0, References 2

OpenVAS
added 2012/10/03 12:0 a.m., 31 views

Mandriva Update for inn MDVSA-2012:156 (inn)

Check for the Version of inn OpenVAS Vulnerability Test Mandriva Update for inn MDVSA-2012:156 inn Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

CVSS 6.8, AI score 8.7, EPSS 0.16334
Exploits 1, References 2

Tenable Nessus
added 2012/09/12 12:0 a.m., 25 views

SuSE 10 Security Update : inn (ZYPP Patch Number 8276)

A STARTTLS injection issue has been fixed in inn. CVE-2012-3523 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid62061;...

CVSS 6.8, AI score 5.2, EPSS 0.03233
Exploits 0, References 2

OpenVAS
added 2012/09/10 12:0 a.m., 20 views

Slackware: Security Advisory (SSA:2011-171-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 6.5, EPSS 0.02551
Exploits 0, References 3

FreeBSD
added 2012/08/14 12:0 a.m., 67 views

inn -- plaintext command injection into encrypted channel

INN developers report: Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents...

CVSS 6.8, AI score 9.5, EPSS 0.16334
Exploits 1, References 1

Tenable Nessus
added 2012/06/22 12:0 a.m., 35 views

Network UPS Tools Service STARTTLS Command Support

The remote Network UPS Tools service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel. Since Network UPS Tools provides no configuration setting for the server to require authentication to occur after the 'STARTTLS' command, it is...

AI score 5.5
Exploits 0, References 2

OpenVAS
added 2012/02/11 12:0 a.m., 42 views

Debian Security Advisory DSA 2346-1 (proftpd-dfsg)

The remote host is missing an update to proftpd-dfsg announced via advisory DSA 2346-1. OpenVAS Vulnerability Test $Id: deb23461.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2346-1 proftpd-dfsg Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft In...

CVSS 9, AI score 0.5, EPSS 0.16334
Exploits 5

Tenable Nessus
added 2012/01/09 12:0 a.m., 18 views

FreeBSD : spamdyke -- STARTTLS Plaintext Injection Vulnerability (a47af810-3a17-11e1-a1be-00e0815b8da8)

Secunia reports : The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the 'STARTTLS' command. This can be exploited to insert arbitrary plaintext data e.g. SMTP commands during the...

CVSS 7.5, AI score 7.5, EPSS 0.00937
Exploits 0, References 3