Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1429

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2011-1429
Last Modified 21 Sep 2011 11:30:13
Published 16 Mar 2011 06:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1429

Summary

Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.

Vulnerable Systems

Application

  • Mutt


References

FULLDISC - 20110308 Mutt: failure to check server certificate in SMTP TLS connection

XF - mutt-smtptls-weak-security(66015)

BID - 46803

REDHAT - RHSA-2011:0959

SREASON - 8143

SECUNIA - 44937

FEDORA - FEDORA-2011-7756

FEDORA - FEDORA-2011-7751

FEDORA - FEDORA-2011-7739


Last Updated: 27 May 2016 10:56:19