INN: Man-in-the-middle attack A vulnerability in INN's STARTTLS implementation could allow a remote attacker to conduct a man-in-the-middle attack. inn 2014-01-21 2014-01-21 432002 remote 2.5.3 2.5.3

INN is a news server which can interface with Usenet.

INN’s I/O buffering is not correctly restricted.

A remote attacker could inject commands into encrypted NNTP sessions.

There is no known workaround at this time.

All INN users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-nntp/inn-2.5.3" CVE-2012-3523 craig creffett