CVE-2011-1428

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html	Exploit
http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91
http://savannah.nongnu.org/patch/index.php?7459	Exploit Patch
http://secunia.com/advisories/43543	Vendor Advisory
http://www.securityfocus.com/bid/46612
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html	Exploit
http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91
http://savannah.nongnu.org/patch/index.php?7459	Exploit Patch
http://secunia.com/advisories/43543	Vendor Advisory
http://www.securityfocus.com/bid/46612

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:flashtux:weechat::::::::
	cpe:2.3:a:flashtux:weechat:0.0.1:::::::*
	cpe:2.3:a:flashtux:weechat:0.0.2:::::::*
	cpe:2.3:a:flashtux:weechat:0.0.3:::::::*
	cpe:2.3:a:flashtux:weechat:0.0.4:::::::*
	cpe:2.3:a:flashtux:weechat:0.0.5:::::::*
	cpe:2.3:a:flashtux:weechat:0.0.6:::::::*
	cpe:2.3:a:flashtux:weechat:0.0.7:::::::*
	cpe:2.3:a:flashtux:weechat:0.0.8:::::::*
	cpe:2.3:a:flashtux:weechat:0.0.9:::::::*
	cpe:2.3:a:flashtux:weechat:0.1.0:::::::*
	cpe:2.3:a:flashtux:weechat:0.1.1:::::::*
	cpe:2.3:a:flashtux:weechat:0.1.2:::::::*
	cpe:2.3:a:flashtux:weechat:0.1.3:::::::*
	cpe:2.3:a:flashtux:weechat:0.1.4:::::::*
	cpe:2.3:a:flashtux:weechat:0.1.5:::::::*
	cpe:2.3:a:flashtux:weechat:0.1.6:::::::*
	cpe:2.3:a:flashtux:weechat:0.1.7:::::::*
	cpe:2.3:a:flashtux:weechat:0.1.8:::::::*
	cpe:2.3:a:flashtux:weechat:0.1.9:::::::*
	cpe:2.3:a:flashtux:weechat:0.2.0:::::::*
	cpe:2.3:a:flashtux:weechat:0.2.1:::::::*
	cpe:2.3:a:flashtux:weechat:0.2.2:::::::*
	cpe:2.3:a:flashtux:weechat:0.2.3:::::::*
	cpe:2.3:a:flashtux:weechat:0.2.4:::::::*
	cpe:2.3:a:flashtux:weechat:0.2.5:::::::*
	cpe:2.3:a:flashtux:weechat:0.2.6:::::::*
	cpe:2.3:a:flashtux:weechat:0.2.6.1:::::::*
	cpe:2.3:a:flashtux:weechat:0.2.6.2:::::::*
	cpe:2.3:a:flashtux:weechat:0.2.6.3:::::::*
	cpe:2.3:a:flashtux:weechat:0.3.0:::::::*
	cpe:2.3:a:flashtux:weechat:0.3.1:::::::*
	cpe:2.3:a:flashtux:weechat:0.3.1.1:::::::*
	cpe:2.3:a:flashtux:weechat:0.3.2:::::::*
	cpe:2.3:a:flashtux:weechat:0.3.3:::::::*

History

21 Nov 2024, 01:26

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html - Exploit~~	() http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html - Exploit
References	~~() http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91 -~~	() http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91 -
References	~~() http://savannah.nongnu.org/patch/index.php?7459 - Exploit, Patch~~	() http://savannah.nongnu.org/patch/index.php?7459 - Exploit, Patch
References	~~() http://secunia.com/advisories/43543 - Vendor Advisory~~	() http://secunia.com/advisories/43543 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/46612 -~~	() http://www.securityfocus.com/bid/46612 -

Information

Published : 2011-03-16 22:55

Updated : 2024-11-21 01:26

NVD link : CVE-2011-1428

Mitre link : CVE-2011-1428

CVE.ORG link : CVE-2011-1428

JSON object : View

Products Affected

flashtux

weechat

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2011-1428", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-03-16T22:55:04.700", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91", "source": "cve@mitre.org"}, {"url": "http://savannah.nongnu.org/patch/index.php?7459", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/43543", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/46612", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://savannah.nongnu.org/patch/index.php?7459", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/43543", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/46612", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."}, {"lang": "es", "value": "Wee Enhanced Environment para Chat (tambi\u00e9n conocido como WeeChat) v0.3.4 y anteriores no comprueban de forma correcta que el nombre del servidor coincide con el nombre de dominio del campo subject de un certificado X.509, que permite a los atacantes \"man-in-the-middle\" falsificar un servidor de chat SSL a trav\u00e9s de un certificado de su elecci\u00f3n, relacionado con el uso incorrecto de la API GnuTLS."}], "lastModified": "2024-11-21T01:26:17.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flashtux:weechat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "466274E7-1A00-43E0-858D-E7502284C211", "versionEndIncluding": "0.3.4"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "385CCD88-6D19-4E74-A92F-351DA7649DAC"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FBC99DC-E5E3-414E-BA7A-EAA25B13BB66"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "077DDF91-4669-404E-A603-475FACF461B1"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93F23AEF-4A8E-492E-8EA4-365F21BDFD03"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A374A8-5108-42D9-90BB-52DEE3B21CA4"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62AB2B6A-60B2-4F59-9B42-2143802328BC"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15051829-382B-4495-B948-819A0FA427D1"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37EA6810-410A-4E61-AB2D-E8281EBF6539"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0FB8EDF-52C0-4FC9-B426-76A64A0FE4E2"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04B2834C-56E7-4645-87FE-48BFEC371D2A"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF61EC94-F246-4409-90F3-EE7DFC69CAF4"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "550E6F5F-9097-4363-9070-570FD93C87D9"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBC981A4-46CB-406F-863B-5536A8D5CB56"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B73D8DC4-6DDF-46D3-9545-CE7B247434D7"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEF20591-A0B3-4016-B5F2-1D4B545611A8"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4547261E-1696-4AE4-BCFB-9BCE5FD25695"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A1EDE38-742B-42CA-AADD-90619ACA0548"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7009800C-1C58-47C7-B39E-1AE4D490AB75"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DD0016E-DFBB-4266-BAD1-C6AC3BBA6240"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "260A912C-8415-40AC-B3CA-88CAD52D999B"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74466A06-6DAC-484E-B087-0D0EDCF05B46"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "775BB9BF-C722-40C0-94C5-54E3E2F70EBC"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E32350E-BA84-405B-828E-587242F65D21"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F9DC6B2-477E-41A8-801A-B2D1FD9C74A8"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6ABB52B-A18E-4FEF-9D45-F03AE9A2C822"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC44B684-89A2-4A6E-8BC1-98C3C7B6A0FA"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD6E122F-B037-4969-A8B6-727FC137057F"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD9130CC-BB1D-4523-AE17-81FA7304D1F2"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BFD5C8D-A60C-41A4-A960-B1FDDC9ADA66"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E5C3F77-0B77-4270-A82B-185CE85B4D2C"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0E3319D-909D-4334-96C6-67656A228C7F"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3B74FE7-45EF-416A-8606-61FC0F05E76E"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FE21E59-3A2C-40A4-AE97-3EB2F8A2A509"}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2E27C97-37BE-4BA3-9BCD-900D8DC44F58"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.8 /10