5 results (0.003 seconds)

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority. La implementación IMAP-over-SSL en getmail 4.44.0 no verifica que el nombre del servidor coincide con un nombre de dominio en el campo del asunto Common Name (CN) del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores IMAP y obtener información sensible a través de un certificado manipulado de una autoridad de certificación reconocido. • http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html http://openwall.com/lists/oss-security/2014/10/07/33 http://pyropus.ca/software/getmail/CHANGELOG http://secunia.com/advisories/61229 http://www.debian.org/security/2014/dsa-3091 • CWE-310: Cryptographic Issues •

CVSS: 5.8EPSS: 0%CPEs: 62EXPL: 0

The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate. La implementación POP3-over-SSL en getmail 4.0.0 hasta 4.44.0 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores POP3 y obtener información sensible a través de un certificado manipulado. • http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html http://openwall.com/lists/oss-security/2014/10/07/33 http://pyropus.ca/software/getmail/CHANGELOG http://secunia.com/advisories/61229 http://www.debian.org/security/2014/dsa-3091 • CWE-310: Cryptographic Issues •

CVSS: 6.8EPSS: 0%CPEs: 62EXPL: 0

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate. La implementación IMAP-over-SSL en getmail 4.0.0 hasta 4.43.0 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores IMAP y obtener información sensible a través de un certificado manipulado. • http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html http://openwall.com/lists/oss-security/2014/10/07/33 http://pyropus.ca/software/getmail/CHANGELOG http://secunia.com/advisories/61229 http://www.debian.org/security/2014/dsa-3091 • CWE-310: Cryptographic Issues •

CVSS: 2.1EPSS: 0%CPEs: 27EXPL: 0

getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir. • http://marc.info/?l=bugtraq&m=109571883130372&w=2 http://security.gentoo.org/glsa/glsa-200409-32.xml http://www.debian.org/security/2004/dsa-553 http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG https://exchange.xforce.ibmcloud.com/vulnerabilities/17439 •

CVSS: 1.2EPSS: 0%CPEs: 27EXPL: 0

getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file. • http://marc.info/?l=bugtraq&m=109571883130372&w=2 http://security.gentoo.org/glsa/glsa-200409-32.xml http://www.debian.org/security/2004/dsa-553 http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG https://exchange.xforce.ibmcloud.com/vulnerabilities/17437 •