Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
BID:50709
Info
| Bugtraq ID: | 50709 |
| Class: | Design Error |
| CVE: | CVE-2011-4318 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 17 2011 12:00AM |
| Updated: | Apr 13 2015 09:30PM |
| Credit: | Reported by the vendor |
| Vulnerable: | Ubuntu Linux 11.10 i386; Ubuntu Linux 11.10 amd64; Oracle Enterprise Linux 6.2; Oracle Enterprise Linux 6; Dovecot 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.12, 2.0.13, 2.0.15; CentOS 6 |
| Not Vulnerable: | Dovecot 2.0.16 |
Discussion
Dovecot is prone to a security-bypass vulnerability because the application fails to properly validate the 'Common Name' field of SSL certificates presented by a remote server.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid further attacks.
Dovecot versions prior to 2.0.16 are vulnerable.
Exploit / POC
An attacker can use readily available network utilities to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Dovecot Changelog (Dovecot)
- Dovecot Homepage (Dovecot)