What is the severity of REDHAT-BUG-909977?

The severity of REDHAT-BUG-909977 is considered to be moderate due to the potential for certificate validation bypass.

How do I fix REDHAT-BUG-909977?

To fix REDHAT-BUG-909977, ensure you are using a patched version of Git that correctly validates IMAP server SSL certificate hostnames.

What systems are affected by REDHAT-BUG-909977?

REDHAT-BUG-909977 affects versions of Git that utilize the git-imap-send command without proper SSL certificate hostname verification.

What are the potential impacts of REDHAT-BUG-909977?

The potential impacts of REDHAT-BUG-909977 include the risk of man-in-the-middle attacks due to improper SSL certificate validation.

Is there a workaround for REDHAT-BUG-909977?

A temporary workaround for REDHAT-BUG-909977 may include avoiding the use of the git-imap-send command until the vulnerability is patched.

Vulnerability/
REDHAT-BUG-909977

medium

11/2/2013

29/9/2019

REDHAT-BUG-909977

First published: Mon Feb 11 2013(Updated: )

A security flaw was found in the way git-imap-send command (tool to send a collection of patches from stdin to an IMAP folder) of Git performed IMAP server's SSL x509.v3 certificate validation (server's hostname was previously not verified to match the CN field of the particular certificate). A rogue server could use this flaw to conduct man-in-the-middle (MiTM) attacks, possibly leading to disclosure of sensitive information. References: [1] <a href="https://www.kernel.org/pub/software/scm/git/docs/git-imap-send.html">https://www.kernel.org/pub/software/scm/git/docs/git-imap-send.html</a> [2] <a href="https://github.com/git/git/blob/master/imap-send.c#L233">https://github.com/git/git/blob/master/imap-send.c#L233</a>

Affected Software	Affected Version	How to fix
Git

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-909977?
The severity of REDHAT-BUG-909977 is considered to be moderate due to the potential for certificate validation bypass.
How do I fix REDHAT-BUG-909977?
To fix REDHAT-BUG-909977, ensure you are using a patched version of Git that correctly validates IMAP server SSL certificate hostnames.
What systems are affected by REDHAT-BUG-909977?
REDHAT-BUG-909977 affects versions of Git that utilize the git-imap-send command without proper SSL certificate hostname verification.
What are the potential impacts of REDHAT-BUG-909977?
The potential impacts of REDHAT-BUG-909977 include the risk of man-in-the-middle attacks due to improper SSL certificate validation.
Is there a workaround for REDHAT-BUG-909977?
A temporary workaround for REDHAT-BUG-909977 may include avoiding the use of the git-imap-send command until the vulnerability is patched.

agent/last-modified-date
agent/first-publish-date
agent/type
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2013-0308
agent/references
agent/severity
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/git
canonical/git

Frequently Asked Questions

What is the severity of REDHAT-BUG-909977?
The severity of REDHAT-BUG-909977 is considered to be moderate due to the potential for certificate validation bypass.
How do I fix REDHAT-BUG-909977?
To fix REDHAT-BUG-909977, ensure you are using a patched version of Git that correctly validates IMAP server SSL certificate hostnames.
What systems are affected by REDHAT-BUG-909977?
REDHAT-BUG-909977 affects versions of Git that utilize the git-imap-send command without proper SSL certificate hostname verification.
What are the potential impacts of REDHAT-BUG-909977?
The potential impacts of REDHAT-BUG-909977 include the risk of man-in-the-middle attacks due to improper SSL certificate validation.
Is there a workaround for REDHAT-BUG-909977?
A temporary workaround for REDHAT-BUG-909977 may include avoiding the use of the git-imap-send command until the vulnerability is patched.

REDHAT-BUG-909977

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-909977?

How do I fix REDHAT-BUG-909977?

What systems are affected by REDHAT-BUG-909977?

What are the potential impacts of REDHAT-BUG-909977?

Is there a workaround for REDHAT-BUG-909977?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of REDHAT-BUG-909977?

How do I fix REDHAT-BUG-909977?

What systems are affected by REDHAT-BUG-909977?

What are the potential impacts of REDHAT-BUG-909977?

Is there a workaround for REDHAT-BUG-909977?