exploit the possibilities
Showing 1 - 3 of 3 RSS Feed

CVE-2011-1429

Status Candidate

Overview

Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.

Related Files

Mandriva Linux Security Advisory 2012-048
Posted Apr 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-048 - Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2011-1429
MD5 | 094e0433b81f45554fb44dcaf700bb9f
Ubuntu Security Notice USN-1221-1
Posted Sep 30, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1221-1 - It was discovered that mutt incorrectly verified the hostname in an SSL certificate. An attacker could trick mutt into trusting a rogue SMTPS, IMAPS, or POP3S server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.

tags | advisory, imap
systems | linux, ubuntu
advisories | CVE-2011-1429
MD5 | 92236cfa490c9a67d1e989b2f6397d43
Red Hat Security Advisory 2011-0959-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0959-01 - Mutt is a text-mode mail user agent. A flaw was found in the way Mutt verified SSL certificates. When a server presented an SSL certificate chain, Mutt could ignore a server hostname check failure. A remote attacker able to get a certificate from a trusted Certificate Authority could use this flaw to trick Mutt into accepting a certificate issued for a different hostname, and perform man-in-the-middle attacks against Mutt's SSL connections. All Mutt users should upgrade to this updated package, which contains a backported patch to correct this issue. All running instances of Mutt must be restarted for this update to take effect.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2011-1429
MD5 | b410278fef774d9b3df678d19a0a978e
Page 1 of 1
Back1Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    10 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close