Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2009-1390
Last Modified 19 Jun 2009 01:31:35
Published 16 Jun 2009 05:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1390

Summary

Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.

Vulnerable Systems

Application

  • Mutt 1.5.19


References

XF - mutt-x509-security-bypass(51068)

BID - 35288

MLIST - [oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw

CONFIRM - http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a

FEDORA - FEDORA-2009-6465

CONFIRM - http://dev.mutt.org/hg/mutt/rev/8f11dd00c770


Last Updated: 27 May 2016 10:50:33