
Ximian Evolution < 1.1.1 camel Component Man-in-the-Middle SSL Session Weakness

Medium

Synopsis

The remote host passes information across the network in an insecure manner.

Description

The remote host is running a version of the Ximian Evolution email client that may be vulnerable to a man-in-the-middle attack if the client is being used with SSL (IMAPS, SMTPS, POP3S). Evolution's camel component fails to re-authenticate previously accepted SSL certificates when reestablishing a connection. Exploiting this weakness could allow an attacker to intercept and/or modify SSL traffic.
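The weakness class described above, shown as an added example that is not Evolution's or camel's code: a client that remembers only that a host's certificate was once accepted, next to one that re-checks the presented certificate against the accepted one on every reconnect. The class, function names, host name and certificate bytes are all assumptions constructed for illustration.

```python
import hashlib
import hmac


class AcceptedCertStore:
    """Hypothetical per-server record of certificates the user chose to accept."""

    def __init__(self):
        self._pins = {}  # (host, port) -> SHA-256 fingerprint of the accepted cert

    @staticmethod
    def fingerprint(der: bytes) -> str:
        return hashlib.sha256(der).hexdigest()

    def accept(self, host: str, port: int, der: bytes) -> None:
        self._pins[(host, port)] = self.fingerprint(der)

    def check_weak(self, host: str, port: int, der: bytes) -> bool:
        # Flawed model: earlier acceptance for this server is treated as trust
        # in whatever certificate is presented when the connection is redone.
        return (host, port) in self._pins

    def check_strict(self, host: str, port: int, der: bytes) -> bool:
        # Hardened model: the presented certificate must match the accepted one
        # on every connection, including reconnects.
        pinned = self._pins.get((host, port))
        if pinned is None:
            return False
        return hmac.compare_digest(pinned, self.fingerprint(der))


def reconnect(store, host, port, presented_der, strict=True):
    """Return a status string, or raise if the certificate check fails."""
    check = store.check_strict if strict else store.check_weak
    if not check(host, port, presented_der):
        raise ConnectionError(f"certificate for {host}:{port} not re-verified")
    return "session established"


# Constructed sample data: stand-ins for DER-encoded certificates.
ORIGINAL_CERT = b"constructed-der-bytes-accepted-by-user"
SUBSTITUTE_CERT = b"constructed-der-bytes-different-cert"

if __name__ == "__main__":
    store = AcceptedCertStore()
    store.accept("mail.example.test", 993, ORIGINAL_CERT)
    print(reconnect(store, "mail.example.test", 993, SUBSTITUTE_CERT, strict=False))
    try:
        reconnect(store, "mail.example.test", 993, SUBSTITUTE_CERT)
    except ConnectionError as exc:
        print("rejected:", exc)
```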

Solution

Upgrade to Evolution 1.1.1 or higher.