Ximian Evolution < 1.1.1 camel Component Man-in-the-Middle SSL Session Weakness

Medium

Synopsis

The remote host passes information across the network in an insecure manner.

Description

The remote host is running a version of the Ximian Evolution email client that may be vulnerable to a man-in-the-middle attack if the client is used with SSL (IMAPS, SMTPS, POP3S). Evolution's camel component fails to re-authenticate previously accepted SSL certificates when reestablishing a connection. Exploiting this vulnerability could allow an attacker to intercept and/or modify SSL traffic.
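The failure mode described above, as an added example that is not Evolution's or camel's code: a simplified model in which an acceptance decision is remembered per host only, next to a version that binds the decision to the certificate and re-checks it on every connection. The class names, the host `mail.example.test` and the certificate bytes are constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()

class HostOnlyCache:
    """Flawed model: remembers that a host was accepted, not which certificate."""
    def __init__(self):
        self._accepted = set()

    def accept(self, host, port, der_cert):
        self._accepted.add((host, port))

    def allow_connection(self, host, port, der_cert):
        # The certificate presented on reconnect is never compared.
        return (host, port) in self._accepted

class PinnedCertCache:
    """Hardened model: the acceptance is bound to one exact certificate."""
    def __init__(self):
        self._pins = {}

    def accept(self, host, port, der_cert):
        self._pins[(host, port)] = fingerprint(der_cert)

    def allow_connection(self, host, port, der_cert):
        pinned = self._pins.get((host, port))
        if pinned is None:
            return False  # never accepted: caller must run full validation
        # Checked on every handshake, including reconnects.
        return hmac.compare_digest(pinned, fingerprint(der_cert))

# Constructed stand-ins for DER bytes; a real client would read them with
# ssl.SSLSocket.getpeercert(binary_form=True) after each handshake.
ORIGINAL_CERT = b"constructed-der: mail.example.test original"
SUBSTITUTE_CERT = b"constructed-der: mail.example.test substitute"

def reconnect_results():
    """Accept ORIGINAL_CERT once, then reconnect with each certificate."""
    results = {}
    for name, cache in (("host_only", HostOnlyCache()), ("pinned", PinnedCertCache())):
        cache.accept("mail.example.test", 993, ORIGINAL_CERT)
        results[name] = (
            cache.allow_connection("mail.example.test", 993, ORIGINAL_CERT),
            cache.allow_connection("mail.example.test", 993, SUBSTITUTE_CERT),
        )
    return results

if __name__ == "__main__":
    print(reconnect_results())
```

Each tuple is (reconnect with the accepted certificate, reconnect with a different certificate); only the pinned cache rejects the second case.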

Solution

Upgrade to Evolution 1.1.1 or higher.