Информационная безопасность
[RU] switch to English


Уязвимости безопасности в getmail
Опубликовано:22 декабря 2014 г.
Источник:
SecurityVulns ID:14170
Тип:m-i-t-m
Уровень опасности:
5/10
Описание:Многочисленные уязвимости в проверке сертификатов.
Затронутые продукты:GETMAIL : getmail 4.44
CVE:CVE-2014-7275 (The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.)
 CVE-2014-7274 (The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.)
 CVE-2014-7273 (The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 3091-1] getmail4 security update (22.12.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород