Lucene search
UbuntuUSN-1221-1HistorySep 29, 2011 - 12:00 a.m.
Mutt vulnerability
2011-09-2900:00:00
ubuntu.com
40
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6.1
Confidence
Low
EPSS
0.003
Percentile
66.2%
Releases
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04
Packages
- mutt - text-based mailreader supporting MIME, GPG, PGP and threading
Details
It was discovered that mutt incorrectly verified the hostname in an SSL
certificate. An attacker could trick mutt into trusting a rogue SMTPS,
IMAPS, or POP3S server’s certificate, which was signed by a trusted certificate
authority, to perform a machine-in-the-middle attack.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 11.04 | noarch | mutt | < 1.5.21-2ubuntu3.1 | UNKNOWN |
| Ubuntu | 11.04 | noarch | mutt-dbg | < 1.5.21-2ubuntu3.1 | UNKNOWN |
| Ubuntu | 11.04 | noarch | mutt-patched | < 1.5.21-2ubuntu3.1 | UNKNOWN |
| Ubuntu | 10.10 | noarch | mutt | < 1.5.20-9ubuntu2.1 | UNKNOWN |
| Ubuntu | 10.10 | noarch | mutt-dbg | < 1.5.20-9ubuntu2.1 | UNKNOWN |
| Ubuntu | 10.10 | noarch | mutt-patched | < 1.5.20-9ubuntu2.1 | UNKNOWN |
| Ubuntu | 10.04 | noarch | mutt | < 1.5.20-7ubuntu1.1 | UNKNOWN |
| Ubuntu | 10.04 | noarch | mutt-dbg | < 1.5.20-7ubuntu1.1 | UNKNOWN |
| Ubuntu | 10.04 | noarch | mutt-patched | < 1.5.20-7ubuntu1.1 | UNKNOWN |
References
Related
securityvulns
securityvulns
mutt SSL certificate validation vulnerability
2011-10-01 00:00:00
[USN-1221-1] Mutt vulnerability
2011-10-01 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: mutt-1.5.21-5.fc13
2011-06-15 05:40:17
[SECURITY] Fedora 15 Update: mutt-1.5.21-5.fc15
2011-06-11 04:18:43
[SECURITY] Fedora 14 Update: mutt-1.5.21-5.fc14
2011-06-11 04:19:42
redhat
redhat
(RHSA-2011:0959) Moderate: mutt security update
2011-07-19 00:00:00
oraclelinux
oraclelinux
mutt security update
2011-07-19 00:00:00
freebsd
freebsd
mutt-devel -- failure to check SMTP TLS server certificate
2012-03-08 00:00:00
openvas
openvas
RedHat Update for mutt RHSA-2011:0959-01
2012-06-06 00:00:00
Fedora Update for mutt FEDORA-2011-7751
2011-06-20 00:00:00
Fedora Update for mutt FEDORA-2011-7739
2011-07-12 00:00:00
nessus
nessus
FreeBSD : mutt-devel -- failure to check SMTP TLS server certificate (49314321-7fd4-11e1-9582-001b2134ef46)
2012-04-09 00:00:00
RHEL 6 : mutt (RHSA-2011:0959)
2011-07-20 00:00:00
Fedora 14 : mutt-1.5.21-5.fc14 (2011-7751)
2011-06-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2011-1429 affecting package mutt 2.2.12-1
2024-10-01 09:12:11
prion
prion
Design/Logic Flaw
2011-03-16 22:55:00
debiancve
debiancve
CVE-2011-1429
2011-03-16 22:55:04
cvelist
cvelist
CVE-2011-1429
2011-03-16 22:00:00
ubuntucve
ubuntucve
CVE-2011-1429
2011-03-16 00:00:00
cve
cve
CVE-2011-1429
2011-03-16 22:55:04
nvd
nvd
CVE-2011-1429
2011-03-16 22:55:04
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6.1
Confidence
Low
EPSS
0.003
Percentile
66.2%
Related for USN-1221-1