CVE-2014-3556 Detail

CVE-2014-3556

CVE Descriptions

The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-77	Improper Neutralization of Special Elements used in a Command ('Command Injection') The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	6.8		AV:N/AC:M/Au:N/C:P/I:P/A:P	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

F5>>Nginx >> Version From (including) 1.5.6 To (excluding) 1.6.1

F5>>Nginx >> Version 1.5.6 (Open CPE detail)
F5>>Nginx >> Version 1.5.7 (Open CPE detail)
F5>>Nginx >> Version 1.5.8 (Open CPE detail)
F5>>Nginx >> Version 1.5.9 (Open CPE detail)
F5>>Nginx >> Version 1.5.10 (Open CPE detail)
F5>>Nginx >> Version 1.5.11 (Open CPE detail)
F5>>Nginx >> Version 1.5.12 (Open CPE detail)
F5>>Nginx >> Version 1.5.13 (Open CPE detail)
F5>>Nginx >> Version 1.6.0 (Open CPE detail)

F5>>Nginx >> Version From (including) 1.7.0 To (excluding) 1.7.4

F5>>Nginx >> Version 1.7.0 (Open CPE detail)

References

http://marc.info/?l=bugtraq&m=142103967620673&w=2
Tags : vendor-advisory, x_refsource_HP

https://bugzilla.redhat.com/show_bug.cgi?id=1126891
Tags : x_refsource_CONFIRM

http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html
Tags : mailing-list, x_refsource_MLIST

http://nginx.org/download/patch.2014.starttls.txt
Tags : x_refsource_CONFIRM

CVE-2014-3556 : Detail