CVE-2021-44273

Name
CVE-2021-44273
Description
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/e2guardian/e2guardian/issues/707
MISC https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2
MLIST http://www.openwall.com/lists/oss-security/2021/12/23/2

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:e2bn:e2guardian:*:*:*:*:*:*:*:* e2guardian >= 5.4.0 <= 5.4.3r

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
e2guardian 3.15-community 5.4.3r-r1 Noel Kuntze <noel.kuntze@thermi.consulting> possibly vulnerable
e2guardian edge-community 5.4.5r-r0 Noel Kuntze <noel.kuntze@thermi.consulting> fixed
e2guardian 3.16-community 5.4.5r-r0 Noel Kuntze <noel.kuntze@thermi.consulting> fixed
e2guardian 3.17-community 5.4.5r-r0 Noel Kuntze <noel.kuntze@thermi.consulting> fixed