Mandriva Update For Mutt MDVSA-2012:048 (mutt) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in mutt: Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766 (CVE-2011-1429). The updated packages have been patched to correct this issue.

Affected

mutt on Mandriva Linux 2011.0, Mandriva Linux 2010.1

Severity

Classification

CVE CVE-2009-3766, CVE-2011-1429

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:040 (dia)
Mandrake Security Advisory MDVSA-2009:161 (squid)
Mandrake Security Advisory MDVSA-2009:175 (pango)
Mandrake Security Advisory MDVSA-2009:011 (virtualbox)
Mandrake Security Advisory MDVSA-2009:201 (fetchmail)

Mandriva Update for mutt MDVSA-2012:048 (mutt)

Take action and discover your vulnerabilities