← voltar
CVE-2010-1155

CVE-2010-1155

EPSS 1.6%
Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://github.com/ensc/irssi-proxy/commit/85bbc05b21678e80423815d2ef1dfe26208491abhttp://irssi.org/newshttp://irssi.org/news/ChangeLoghttp://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlhttp://marc.info/?l=oss-security&m=127098845125270&w=2http://marc.info/?l=oss-security&m=127110132019166&w=2http://marc.info/?l=oss-security&m=127116251220784&w=2http://marc.info/?l=oss-security&m=127119240204394&w=2http://secunia.com/advisories/39365http://secunia.com/advisories/39620http://secunia.com/advisories/39797