CVE-2011-4318
Published: 18 November 2011
Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
Notes
Author | Note |
---|---|
jdstrand | SSL proxy connections were added in some Dovecot v1.x versions, but but v1.x doesn't support giving hostname as proxy destination, only IP address. (per upstream) |
Priority
Status
Package | Release | Status |
---|---|---|
dovecot Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
(1:1.2.15-3ubuntu2.1)
|
|
oneiric |
Released
(1:2.0.13-1ubuntu3.2)
|
|
upstream |
Released
(2.0.16)
|
|
Patches: upstream: http://hg.dovecot.org/dovecot-2.0/rev/5e9eaf63a6b1 upstream: http://hg.dovecot.org/dovecot-2.0/rev/de8715e4d793 upstream: http://hg.dovecot.org/dovecot-2.0/rev/4294e9136cd6 |