CVE-2007-5770 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-5770
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5770

Description: The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-596-1 SUSE http://www.novell.com/linux/security/advisories/2007_24_sr.html ST 1018938 SAID Secunia Advisory: SA27764 Secunia Advisory: SA27673 Secunia Advisory: SA26985 Secunia Advisory: SA27576 Secunia Advisory: SA27769 Secunia Advisory: SA27818 Secunia Advisory: SA28136 Secunia Advisory: SA27756 Secunia Advisory: SA28645 Secunia Advisory: SA29556 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0965.html http://www.redhat.com/support/errata/RHSA-2007-0961.html MISC MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:029 DEBIAN http://www.debian.org/security/2007/dsa-1410 http://www.debian.org/security/2007/dsa-1411 http://www.debian.org/security/2007/dsa-1412 CONFIRM http://docs.info.apple.com/article.html?artnum=307179 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656 CERT http://www.us-cert.gov/cas/techalerts/TA07-352A.html BID 26421 APPLE http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

Return to the previous page.