CVE-2010-1155
Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.
Affected products
n/a · n/a
References
http://github.com/ensc/irssi-proxy/commit/85bbc05b21678e80423815d2ef1dfe26208491ab
http://irssi.org/news
http://irssi.org/news/ChangeLog
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://marc.info/?l=oss-security&m=127098845125270&w=2
http://marc.info/?l=oss-security&m=127110132019166&w=2
http://marc.info/?l=oss-security&m=127116251220784&w=2
http://marc.info/?l=oss-security&m=127119240204394&w=2
http://secunia.com/advisories/39365
http://secunia.com/advisories/39620
http://secunia.com/advisories/39797