FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-1155

This CVE name corresponds to:

Entered: 2010-04-19
Topic: irssi -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2010-1155
Phase: Assigned (20100329)

Description

Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.

References

Source Reference
MLIST [oss-security] 20100411 CVE request: irssi 0.8.15
MLIST [oss-security] 20100412 Re: CVE request: irssi 0.8.15
MLIST [oss-security] 20100413 Re: CVE request: irssi 0.8.15
MLIST [oss-security] 20100413 Re: CVE request: irssi 0.8.15
CONFIRM http://github.com/ensc/irssi-proxy/commit/85bbc05b21678e80423815d2ef1dfe26208491ab
CONFIRM http://irssi.org/news
CONFIRM http://irssi.org/news/ChangeLog
FEDORA FEDORA-2010-6629
SLACKWARE SSA:2010-116-01
SUSE SUSE-SR:2010:011
UBUNTU USN-929-1
SECUNIA 39365
SECUNIA 39620
SECUNIA 39797
VUPEN ADV-2010-0856
VUPEN ADV-2010-0987
VUPEN ADV-2010-1110
VUPEN ADV-2010-1107
XF irssi-hostname-mitm(57790)