Ubuntu: 967-1: w3m vulnerability

08-09-2010

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Ubuntu: 967-1: w3m vulnerability

LinuxSecurity.com: Ludwig Nussel discovered w3m does not properly handle SSL/TLScertificates with NULL characters in the certificate name. Anattacker could exploit this to perform a man in the middleattack to view sensitive information or alter encryptedcommunications. (CVE-2010-2074) [More...]

More...

This User Gave Thanks to Linux Bot For This Post:

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

MKIMAPDCERT(8) Double Precision, Inc. MKIMAPDCERT(8) NAME
mkimapdcert - create a test SSL certificate for IMAP over SSL SYNOPSIS
/usr/sbin/mkimapdcert DESCRIPTION
IMAP over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is /usr/lib/courier/imapd.pem. mkimapdcert generates a self-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate. /usr/lib/courier/imapd.pem must be owned by the daemon user and have no group or world permissions. The mkimapdcert command will enforce this. To prevent an unfortunate accident, mkimapdcert will not work if /usr/lib/courier/imapd.pem already exists. mkimapdcert requires OpenSSL to be installed. FILES
/usr/lib/courier/imapd.pem X.509 certificate. /etc/courier/imapd.cnf Parameters used by OpenSSL to create the X.509 certificate. SEE ALSO
courier(8)[1] AUTHOR
Sam Varshavchik Author NOTES
1. courier(8) [set $man.base.url.for.relative.links]/courier.html Courier Mail Server 04/04/2011 MKIMAPDCERT(8)

Security Advisories (RSS)

Ubuntu: 967-1: w3m vulnerability

LEARN ABOUT DEBIAN

mkimapdcert