CVE-2009-3766

Sažetak

mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Reference

http://dev.mutt.org/trac/ticket/3087
http://marc.info/?l=oss-security&m=125198917018936&w=2
http://www.openwall.com/lists/oss-security/2009/10/26/1

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-11-2019 - 15:35

Objavljeno

23-10-2009 - 19:30