FreeBSD : sieve-connect -- TLS hostname verification was not occurring (a2ff483f-a5c6-11e2-9601-000d601460a4)

high Nessus Plugin ID 65975

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

sieve-connect developer Phil Pennock reports :

sieve-connect was not actually verifying TLS certificate identities matched the expected hostname.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?3e799dcf

http://www.nessus.org/u?3997710c

Plugin Details

Severity: High

ID: 65975

File Name: freebsd_pkg_a2ff483fa5c611e29601000d601460a4.nasl

Version: 1.6

Type: local

Published: 4/16/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:sieve-connect, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/15/2013

Vulnerability Publication Date: 4/14/2013