Home page logo

oss-sec logo oss-sec mailing list archives

CVE request: sSMTP doesn't validate server certificates
From: Laurent Bigonville <bigon () debian org>
Date: Wed, 10 Oct 2012 11:59:13 +0200


It seems that sSMTP is not checking the server certificate when
connecting. This is quite annoying as one of the main ssmtp purpose is
to be used on satellite systems that could be connected to untrusted

This has been reported (with a proposed patch) to the Debian BTS (see

Could you please allocate a CVE number for this?


Laurent Bigonville

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662960

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]