CVE-2014-7274
https://notcve.org/view.php?id=CVE-2014-7274
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority. La implementación IMAP-over-SSL en getmail 4.44.0 no verifica que el nombre del servidor coincide con un nombre de dominio en el campo del asunto Common Name (CN) del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores IMAP y obtener información sensible a través de un certificado manipulado de una autoridad de certificación reconocido. • http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html http://openwall.com/lists/oss-security/2014/10/07/33 http://pyropus.ca/software/getmail/CHANGELOG http://secunia.com/advisories/61229 http://www.debian.org/security/2014/dsa-3091 • CWE-310: Cryptographic Issues •
CVE-2014-7275
https://notcve.org/view.php?id=CVE-2014-7275
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate. La implementación POP3-over-SSL en getmail 4.0.0 hasta 4.44.0 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores POP3 y obtener información sensible a través de un certificado manipulado. • http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html http://openwall.com/lists/oss-security/2014/10/07/33 http://pyropus.ca/software/getmail/CHANGELOG http://secunia.com/advisories/61229 http://www.debian.org/security/2014/dsa-3091 • CWE-310: Cryptographic Issues •