The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack.Referenceshttp://secunia.com/advisories/20396http://www.securityfocus.com/archive/1/435491/100/0/threadedhttp://www.securityfocus.com/bid/18193
