Debian: DSA-4210-1 Critical: Unbound DNS Flaws Linked to Data Leak Risks
debian
December 7, 2014
Several vulnerabilities have been discovered in getmail4, a mail retriever with support for POP3, IMAP4 and SDPS, that could allow man-in-the-middle attacks
Topics Covered
Summary
Several vulnerabilities have been discovered in getmail4, a mail
retriever with support for POP3, IMAP4 and SDPS, that could allow
man-in-the-middle attacks.
CVE-2014-7273
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0
does not verify X.509 certificates from SSL servers, which allows
man-in-the-middle attackers to spoof IMAP servers and obtain
sensitive information via a crafted certificate.
CVE-2014-7274
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify
that the server hostname matches a domain name in the subject's
Common Name (CN) field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof IMAP servers and obtain
sensitive information via a crafted certificate from a recognized
Certification Authority.
CVE-2014-7275
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0
does not verify X.509 certificates from SSL servers, which allows
man-in-the-middle attackers to spoof POP3 se...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: getmail4
CVE ID: CVE-2014-7273 CVE-2014-7274 CVE-2014-7275
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!