Mandrake Local Security Checks : Mandriva Update for inn MDVSA-2012:156 (inn)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831735

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for inn MDVSA-2012:156 (inn)

Resumen: The remote host is missing an update for the 'inn'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'inn'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A security issue was identified and fixed in ISC INN:

The STARTTLS implementation in INN's NNTP server for readers, nnrpd,
before 2.5.3 does not properly restrict I/O buffering, which allows
man-in-the-middle attackers to insert commands into encrypted sessions
by sending a cleartext command that is processed after TLS is in place,
related to a plaintext command injection attack, a similar issue to
CVE-2011-0411 (CVE-2012-3523).

The updated packages have been upgraded to inn 2.5.3 which is not
vulnerable to this issue.

Affected Software/OS:
inn on Mandriva Linux 2011.0

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0411
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 46767
http://www.securityfocus.com/bid/46767
CERT/CC vulnerability note: VU#555316
http://www.kb.cert.org/vuls/id/555316
Debian Security Information: DSA-2233 (Google Search)
http://www.debian.org/security/2011/dsa-2233
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html
http://security.gentoo.org/glsa/glsa-201206-33.xml
http://www.openwall.com/lists/oss-security/2021/08/10/2
http://www.osvdb.org/71021
http://www.redhat.com/support/errata/RHSA-2011-0422.html
http://www.redhat.com/support/errata/RHSA-2011-0423.html
http://securitytracker.com/id?1025179
http://secunia.com/advisories/43646
http://secunia.com/advisories/43874
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.vupen.com/english/advisories/2011/0611
http://www.vupen.com/english/advisories/2011/0752
http://www.vupen.com/english/advisories/2011/0891
XForce ISS Database: multiple-starttls-command-execution(65932)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
Common Vulnerability Exposure (CVE) ID: CVE-2012-3523
http://www.mandriva.com/security/advisories?name=MDVSA-2012:156
http://secunia.com/advisories/50661
SuSE Security Announcement: openSUSE-SU-2012:1171 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831735
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for inn MDVSA-2012:156 (inn)
Resumen:	The remote host is missing an update for the 'inn'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'inn' package(s) announced via the referenced advisory. Vulnerability Insight: A security issue was identified and fixed in ISC INN: The STARTTLS implementation in INN's NNTP server for readers, nnrpd, before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a plaintext command injection attack, a similar issue to CVE-2011-0411 (CVE-2012-3523). The updated packages have been upgraded to inn 2.5.3 which is not vulnerable to this issue. Affected Software/OS: inn on Mandriva Linux 2011.0 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0411 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 46767 http://www.securityfocus.com/bid/46767 CERT/CC vulnerability note: VU#555316 http://www.kb.cert.org/vuls/id/555316 Debian Security Information: DSA-2233 (Google Search) http://www.debian.org/security/2011/dsa-2233 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html http://security.gentoo.org/glsa/glsa-201206-33.xml http://www.openwall.com/lists/oss-security/2021/08/10/2 http://www.osvdb.org/71021 http://www.redhat.com/support/errata/RHSA-2011-0422.html http://www.redhat.com/support/errata/RHSA-2011-0423.html http://securitytracker.com/id?1025179 http://secunia.com/advisories/43646 http://secunia.com/advisories/43874 SuSE Security Announcement: SUSE-SR:2011:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://www.vupen.com/english/advisories/2011/0611 http://www.vupen.com/english/advisories/2011/0752 http://www.vupen.com/english/advisories/2011/0891 XForce ISS Database: multiple-starttls-command-execution(65932) https://exchange.xforce.ibmcloud.com/vulnerabilities/65932 Common Vulnerability Exposure (CVE) ID: CVE-2012-3523 http://www.mandriva.com/security/advisories?name=MDVSA-2012:156 http://secunia.com/advisories/50661 SuSE Security Announcement: openSUSE-SU-2012:1171 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html
Copyright	Copyright (C) 2012 Greenbone AG