A vulnerability in INN's STARTTLS implementation could allow a remote attacker to conduct a man-in-the-middle attack.
Package | net-nntp/inn on all architectures |
---|---|
Affected versions | < 2.5.3 |
Unaffected versions | >= 2.5.3 |
INN is a news server which can interface with Usenet.
INN’s I/O buffering is not correctly restricted.
A remote attacker could inject commands into encrypted NNTP sessions.
There is no known workaround at this time.
All INN users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-nntp/inn-2.5.3"
Release date
January 21, 2014
Latest revision
January 21, 2014: 1
Severity
low
Exploitable
remote
Bugzilla entries