Mutt Security Bypass Vulnerability Network Vulnerability

Summary

This host has installed Mutt and is prone to Security Bypass Vulnerability

Impact

Successful exploits allow attackers to spoof SSL certificates of trusted servers and redirect a user to a malicious web site. Impact Level: Application

Solution

Apply the patch https://bugzilla.redhat.com/show_bug.cgi?id=504979

Insight

When Mutt is linked with OpenSSL or GnuTLS it allows connections only one TLS certificate in the chain instead of verifying the entire chain.

Affected

Mutt version 1.5.19 on Linux.

References

http://www.openwall.com/lists/oss-security/2009/06/10/2
http://xforce.iss.net/xforce/xfdb/51068

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1390

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Asterisk Missing ACL Check Remote Security Bypass Vulnerability
Apple Safari Webkit Multiple Vulnerabilities - June13 (Mac OS X)
Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability (Win)
Apple Safari 'Webkit' Information Disclosure Vulnerability (Win)
Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)

Take action and discover your vulnerabilities