fkie_cve-2010-1155
Vulnerability from fkie_nvd
Published
2010-04-16 19:30
Modified
2025-04-11 00:51
Severity ?
Summary
Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| irssi | irssi | * | |
| irssi | irssi | 0.8.0 | |
| irssi | irssi | 0.8.1 | |
| irssi | irssi | 0.8.2 | |
| irssi | irssi | 0.8.3 | |
| irssi | irssi | 0.8.4 | |
| irssi | irssi | 0.8.5 | |
| irssi | irssi | 0.8.6 | |
| irssi | irssi | 0.8.7 | |
| irssi | irssi | 0.8.8 | |
| irssi | irssi | 0.8.9 | |
| irssi | irssi | 0.8.10 | |
| irssi | irssi | 0.8.10 | |
| irssi | irssi | 0.8.10 | |
| irssi | irssi | 0.8.10 | |
| irssi | irssi | 0.8.10 | |
| irssi | irssi | 0.8.11 | |
| irssi | irssi | 0.8.11 | |
| irssi | irssi | 0.8.11 | |
| irssi | irssi | 0.8.12 | |
| irssi | irssi | 0.8.12 | |
| irssi | irssi | 0.8.13 | |
| irssi | irssi | 0.8.13 | |
| irssi | irssi | 0.8.14 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:irssi:irssi:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B25DF08F-FC05-4EC0-BBA2-6575F312DD8B",
"versionEndIncluding": "0.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "986E338F-D640-4874-9A5F-CEF1F9CE8ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC7D751E-3083-489B-88D7-01316FA474DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD04D75-0FB2-46A4-943F-C6D225E1EC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3D72FE63-DAE4-4297-88BA-190594604307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC775325-9EA0-4E13-A03A-BD315E10C056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33D6B8D2-CAE3-4001-BF92-933417E43F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "396BCD07-520E-4FE8-8F83-DDE8F4B2D036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1732D0-2E71-4FDE-B528-3A9B6BEAA9DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "573668C9-CFBC-4B8E-885F-F2C5533304F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0631BD85-D548-417C-8977-2C3CF06DBEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "356E844D-D076-4FC7-B6A0-AB0F1927B009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.10:rc5:*:*:*:*:*:*",
"matchCriteriaId": "6D607284-5737-47E9-9037-B62467E348BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.10:rc6:*:*:*:*:*:*",
"matchCriteriaId": "52FD7686-E4CE-48D9-ABEE-5973CFF8333E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.10:rc7:*:*:*:*:*:*",
"matchCriteriaId": "85BDCC58-FC6E-432B-9E04-DCEF7527F3D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.10:rc8:*:*:*:*:*:*",
"matchCriteriaId": "BC60C00F-7FE1-4115-B45D-F0916AC663C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE96247-99B1-452F-B099-FC8C42E75051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "90AE0D8E-FE84-4AE5-A070-10419E3FC850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DB9950D5-3B0F-4A97-9164-15E84A3EF2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "79F1FACC-F8CC-4757-A39C-C8752BA32928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F0738365-71F2-4F99-BAD0-8427E9D2F922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1FFA993F-4826-4937-B51D-438CFF4E08EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E94034DE-085E-4F8A-AC4C-ACD0FCF14C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:irssi:irssi:0.8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "60E31CBB-A71A-4C3B-95CF-D393ADC91FE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate."
},
{
"lang": "es",
"value": "Irssi anterior v0.8.15, cuando usa SSL, no verifica que el servidor de nombres coincide con un nombre de dominio en el campo \"subject\" del Common Name (CN) o en un campo Subject Alternative Name del certifiado X.509, lo que permite a atacantes man-in-the-middel falsificar servidores IRC a trav\u00e9s de un certificado de su elecci\u00f3n. \r\n"
}
],
"id": "CVE-2010-1155",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-16T19:30:00.350",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://github.com/ensc/irssi-proxy/commit/85bbc05b21678e80423815d2ef1dfe26208491ab"
},
{
"source": "secalert@redhat.com",
"url": "http://irssi.org/news"
},
{
"source": "secalert@redhat.com",
"url": "http://irssi.org/news/ChangeLog"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=127098845125270\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=127110132019166\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=127116251220784\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=127119240204394\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39365"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39620"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39797"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.497301"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-929-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0856"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/0987"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/1110"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://github.com/ensc/irssi-proxy/commit/85bbc05b21678e80423815d2ef1dfe26208491ab"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://irssi.org/news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://irssi.org/news/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=127098845125270\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=127110132019166\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=127116251220784\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=127119240204394\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.497301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-929-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57790"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…