FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a7975581-ee26-11e1-8bd8-0022156e8794	inn -- plaintext command injection into encrypted channel INN developers report: Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents malicious commands, sent unencrypted, from being executed in the new encrypted state of the session. Discovery 2012-08-14 Entry 2012-08-25 inn < 2.5.2_2 CVE-2012-3523 CVE-2011-0411 https://www.isc.org/software/inn/2.5.3article

VuXML ID

Description

a7975581-ee26-11e1-8bd8-0022156e8794

inn -- plaintext command injection into encrypted channel

INN developers report:

Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents malicious commands, sent unencrypted, from being executed in the new encrypted state of the session.

Discovery 2012-08-14
Entry 2012-08-25
inn

< 2.5.2_2

CVE-2012-3523
CVE-2011-0411
https://www.isc.org/software/inn/2.5.3article