Vulnerability Details : CVE-2011-1429
Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.
Vulnerability category: Input validation
Products affected by CVE-2011-1429
- cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1429
0.26%
Probability of exploitation activity in the next 30 days
~ 63 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1429
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST | |
CWE ids for CVE-2011-1429
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1429
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html
  [SECURITY] Fedora 13 Update: mutt-1.5.21-5.fc13
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66015
  Mutt SMTP TLS certificate weak security CVE-2011-1429 Vulnerability Report
- http://www.securityfocus.com/bid/46803
  Mutt SMTP TLS Certificate Security Bypass Vulnerability
- http://seclists.org/fulldisclosure/2011/Mar/87
  Full Disclosure: Mutt: failure to check server certificate in SMTP TLS connection [Patch]
- http://securityreason.com/securityalert/8143
  Mutt: failure to check server certificate in SMTP TLS connection - CXSecurity.com
- http://www.redhat.com/support/errata/RHSA-2011-0959.html
  Support
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html
  [SECURITY] Fedora 14 Update: mutt-1.5.21-5.fc14
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html
  [SECURITY] Fedora 15 Update: mutt-1.5.21-5.fc15