Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/46886 | third party advisory |
| http://rhn.redhat.com/errata/RHSA-2013-0520.html | vendor advisory |
| https://bugs.gentoo.org/show_bug.cgi?id=390887 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=754980 | |
| http://secunia.com/advisories/52311 | third party advisory vendor advisory |
| http://hg.dovecot.org/dovecot-2.0/rev/5e9eaf63a6b1 | |
| http://www.dovecot.org/list/dovecot-news/2011-November/000200.html | mailing list |
| http://www.openwall.com/lists/oss-security/2011/11/18/7 | mailing list |
| http://www.openwall.com/lists/oss-security/2011/11/18/5 | mailing list |