Bug 688751 (CVE-2011-1428) - CVE-2011-1428 weechat: improper verification of X.509 certificates can lead to MITM attacks
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2011-1428
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 688752 688753
Blocks:
Reported: 2011-03-17 22:05 UTC by Vincent Danen
Modified: 2019-09-29 12:43 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-01-29 23:35:07 UTC
Embargoed:



Description Vincent Danen 2011-03-17 22:05:54 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1428 to
the following vulnerability:

Name: CVE-2011-1428
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1428
Assigned: 20110316
Reference: http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html
Reference: http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91
Reference: http://savannah.nongnu.org/patch/index.php?7459
Reference: http://www.securityfocus.com/bid/46612
Reference: http://secunia.com/advisories/43543

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does
not properly verify that the server hostname matches the domain name
of the subject of an X.509 certificate, which allows man-in-the-middle
attackers to spoof an SSL chat server via an arbitrary certificate,
related to incorrect use of the GnuTLS API.
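
An added illustration of the flaw class described above, not code from WeeChat, GnuTLS or this bug report: it models a client's accept decision with a chain-only check beside a check that also compares the server hostname to the certificate's names. `peer_cert`, `accept_chain_only` and `accept_chain_and_hostname` are hypothetical names and the certificates are constructed samples; with GnuTLS the name comparison itself is available as `gnutls_x509_crt_check_hostname`.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical, constructed stand-in for a peer certificate after chain validation. */
struct peer_cert {
    int chain_ok;          /* 1 = signed by a trusted CA and within validity */
    const char *names[4];  /* subject names, NULL-terminated */
};

/* Case-insensitive string equality (DNS names are case-insensitive). */
static int ci_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* A wildcard is honoured only as the whole leftmost label and covers one label. */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        if (dot == NULL || dot == host || strchr(dot + 1, '.') == NULL)
            return 0;      /* nothing for "*" to cover, or a "*.org"-style match */
        return ci_equal(pattern + 1, dot);
    }
    return strchr(pattern, '*') == NULL && ci_equal(pattern, host);
}

/* Flawed policy: a valid chain is enough, the hostname is never consulted. */
int accept_chain_only(const struct peer_cert *c, const char *host)
{
    (void)host;
    return c->chain_ok;
}

/* Corrected policy: valid chain AND a subject name matching the host. */
int accept_chain_and_hostname(const struct peer_cert *c, const char *host)
{
    for (size_t i = 0; c->chain_ok && i < 4 && c->names[i] != NULL; i++)
        if (name_matches(c->names[i], host))
            return 1;
    return 0;
}
/* Constructed samples: a CA-signed certificate for another host, and the right one. */
const struct peer_cert other_host = { 1, { "chat.example.net", NULL } };
const struct peer_cert right_host = { 1, { "example.org", "*.example.org", NULL } };
```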

Comment 1 Vincent Danen 2011-03-17 22:07:22 UTC
Created weechat tracking bugs for this issue

Affects: fedora-all [bug 688752]
Affects: epel-all [bug 688753]

Comment 2 Vincent Danen 2013-01-29 23:35:07 UTC
Both Fedora and EPEL now have 0.3.9.2 or higher which contain the fix.
