CVE-2011-1429
Published: 16 March 2011
Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.
Notes
Author | Note |
---|---|
mdeslaur | Debian may have used an incomplete patch from the upstream bug. |
tyhicks | This is not specific to SMTPS. It is in the common code that uses GnuTLS, meaning that the IMAPS and POP3S protocols are also affected. Debian is carrying a fix that upstream has not applied. It doesn't look like this issue is fixed upstream. RHEL is also carrying the same fix. The fix may be the cause of a mutt sidebar related bug (a feature patch that Debian and Ubuntu carry). After more investigation, the sidebar related bug was preexisting. Hardy's version of mutt has a considerably different mutt_ssl_gnutls.c and my testing has shown that it is not affected. |