CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Percentile: 66.2%

Mutt does not verify that the smtps server hostname matches the domain name
of the subject of an X.509 certificate, which allows man-in-the-middle
attackers to spoof an SSL SMTP server via an arbitrary certificate, a
different vulnerability than CVE-2009-3766.
Author | Note |
---|---|
mdeslaur | Debian may have used an incomplete patch from the upstream bug. |
tyhicks | This is not specific to SMTPS. It is in the common code that uses GnuTLS, meaning that the IMAPS and POP3S protocols are also affected. Debian is carrying a fix that upstream has not applied. It doesn’t look like this issue is fixed upstream. RHEL is also carrying the same fix. The fix may be the cause of a mutt sidebar related bug (a feature patch that Debian and Ubuntu carry). After more investigation, the sidebar related bug was preexisting. Hardy’s version of mutt has a considerably different mutt_ssl_gnutls.c and my testing has shown that it is not affected. |