Bug 890428 (CVE-2014-3556) - VUL-0: CVE-2014-3556: nginx: SMTP STARTTLS plaintext injection flaw
Summary: VUL-0: CVE-2014-3556: nginx: SMTP STARTTLS plaintext injection flaw
Status: VERIFIED UPSTREAM
Alias: CVE-2014-3556
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Reported: 2014-08-05 14:46 UTC by Alexander Bergmann
Modified: 2014-08-05 14:58 UTC

Description Alexander Bergmann 2014-08-05 14:46:56 UTC
[nginx-announce] nginx security advisory (CVE-2014-3556)

Hello!

A bug in nginx SMTP proxy was found, which allows an attacker in a
privileged network position to inject commands into SSL sessions started
with the STARTTLS command, potentially making it possible to steal
sensitive information sent by clients (CVE-2014-3556).

The problem affects nginx 1.5.6 - 1.7.3.

The problem is fixed in nginx 1.7.4, 1.6.1.

Patch for the problem can be found here:

http://nginx.org/download/patch.2014.starttls.txt

Thanks to Chris Boulton for discovering this.

[1] http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html
Comment 1 Alexander Bergmann 2014-08-05 14:58:29 UTC
According to the affected versions this is not affecting us:

SLE-11-SP2:(SLMS/STUDIO/WebYaST)     nginx-1.0.15
openSUSE:12.3                        nginx-1.2.9
openSUSE:13.1                        nginx-1.4.7

Closing bug.
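
The triage done in comment 1, as an added example that is not part of the bug report or of nginx: a Python check of packaged versions against the ranges the advisory states, including the 1.6.1 stable fix that sits numerically inside the affected range. The function names are hypothetical, and it assumes that later releases on a fixed release's branch (same major.minor) keep the fix.

```python
# Added example: classify nginx package versions against CVE-2014-3556 ranges.
AFFECTED_FROM = (1, 5, 6)            # first affected release per the advisory
AFFECTED_TO = (1, 7, 3)              # last affected release per the advisory
FIXED_IN = [(1, 6, 1), (1, 7, 4)]    # fixed releases per the advisory

# Package versions listed in comment 1 of this bug.
SHIPPED = {
    "SLE-11-SP2": "nginx-1.0.15",
    "openSUSE:12.3": "nginx-1.2.9",
    "openSUSE:13.1": "nginx-1.4.7",
}


def parse_version(text):
    """Turn 'nginx-1.4.7' or '1.4.7' into a comparable tuple (1, 4, 7)."""
    core = text.strip()
    if core.startswith("nginx-"):
        core = core[len("nginx-"):]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError("unrecognised nginx version: %r" % text)
    return tuple(int(p) for p in parts)


def is_affected(text):
    """True if the version falls in the affected range and predates the fix."""
    version = parse_version(text)
    if not (AFFECTED_FROM <= version <= AFFECTED_TO):
        return False
    # Assumption: a release on the same branch as a fixed release, at or
    # after it, carries the fix (e.g. 1.6.1 lies inside 1.5.6 - 1.7.3).
    for fixed in FIXED_IN:
        if version[:2] == fixed[:2] and version >= fixed:
            return False
    return True


def triage(packages):
    """Map each product to True (affected) or False (not affected)."""
    return {product: is_affected(ver) for product, ver in packages.items()}


if __name__ == "__main__":
    for product, hit in triage(SHIPPED).items():
        state = "AFFECTED" if hit else "not affected"
        print("%-15s %-14s %s" % (product, SHIPPED[product], state))
```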