Rapid7 Vulnerability & Exploit Database

RHSA-2011:0959: mutt security update


Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 03/16/2011
Created: 07/25/2018
Added: 07/29/2011
Modified: 07/04/2017

Description

Mutt is a text-mode mail user agent.

A flaw was found in the way Mutt verified SSL certificates. When a server presented an SSL certificate chain, Mutt could ignore a server hostname check failure. A remote attacker able to get a certificate from a trusted Certificate Authority could use this flaw to trick Mutt into accepting a certificate issued for a different hostname, and perform man-in-the-middle attacks against Mutt's SSL connections. (CVE-2011-1429)

All Mutt users should upgrade to this updated package, which contains a backported patch to correct this issue. All running instances of Mutt must be restarted for this update to take effect.

Solution(s)

  • redhat-upgrade-mutt
  • redhat-upgrade-mutt-debuginfo
