Computer Security
[EN] securityvulns.ru no-pyccku


getmail security vulnerabilities
Published:22.12.2014
Source:
SecurityVulns ID:14170
Type:m-i-t-m
Threat Level:
5/10
Description:Multiple vulnerabilities in certificates check.
Affected:GETMAIL : getmail 4.44
CVE:CVE-2014-7275 (The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.)
 CVE-2014-7274 (The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.)
 CVE-2014-7273 (The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3091-1] getmail4 security update (22.12.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod