VDB

GCVE-110-MAGEIA-2013-296

GCVE-110-MAGEIA-2013-296
Advisory Published
Vulnetix · Advisory published October 9, 2013
It was reported that ssmtp, an extremely simple MTA to get mail off the system to a mail hub, did not perform x509 certificate validation when initiating a TLS connection to server. A rogue server could use this flaw to conduct man-in- the-middle attack, possibly leading to user credentials leak. As a result, alterations may be required to the configuration if using TLS. The default ssmtp.conf now contains the lines below to load root certificates which should be created as ssmtp.conf.rpmnew if it has been altered. #IMPORTANT: Uncomment the following line if you use TLS authentication #TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt

Affected Products

VendorProductVersionsPlatforms
Mageiassmtp0 (affected), 2.64-8.3.mga3 (unaffected)
Mageiassmtp0 (affected), 2.64-5.3.mga2 (unaffected)

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›