Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2013-0308
Last Modified 19 Sep 2013 11:51:15
Published 08 Mar 2013 04:55:03
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0308

Summary

The imap-send command in Git before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Systems

Application

  • Git 1.8.1.3


References

CONFIRM - https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.4.txt

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=909977

MISC - https://bugzilla.novell.com/show_bug.cgi?id=804730

XF - git-gitimapsend-spoofing(82329)

SECTRACK - 1028205

BID - 58148

SECUNIA - 52467

SECUNIA - 52443

SECUNIA - 52361

REDHAT - RHSA-2013:0589

MLIST - [ANNOUNCE] 20130220 Git v1.8.1.4

SUSE - openSUSE-SU-2013:0382

SUSE - openSUSE-SU-2013:0380

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586

CONFIRM - http://support.apple.com/kb/HT5937

APPLE - APPLE-SA-2013-09-18-3


Last Updated: 27 May 2016 10:47:24