10 matches found
SuSE 11 Security Update : libesmtp (SAT Patch Number 2390)
libesmtp did not properly handle wildcards and embedded null characters in the Common Name of X.509 certificates CVE-2010-1192 / CVE-2010-1194. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE...
[ MDVSA-2010:195 ] libesmtp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:195 http://www.mandriva.com/security/ Package : libesmtp Date : October 4, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: Multiple...
Security fix for the ALT Linux 5 package libesmtp version 1.0.4-alt2.1.0.M50P.1
Oct. 5, 2010 Vladimir Lettiev 1.0.4-alt2.1.0.M50P.1 - Fixed CVE-2010-1192, CVE-2010-1194 certificate validation flaws. Fix backported from 1.0.6...
openSUSE Security Update : libesmtp (openSUSE-SU-2010:0220-1)
libesmtp did not properly handle wildcards and embedded null characters in the Common Name of X.509 certificates CVE-2010-1192, CVE-2010-1194. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE Security Update : libesmtp (openSUSE-SU-2010:0220-1)
libesmtp did not properly handle wildcards and embedded null characters in the Common Name of X.509 certificates CVE-2010-1192, CVE-2010-1194. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE Security Update : libesmtp (openSUSE-SU-2010:0220-1)
libesmtp did not properly handle wildcards and embedded null characters in the Common Name of X.509 certificates CVE-2010-1192, CVE-2010-1194. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
CVE-2010-1194
The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
CVE-2010-1194
The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
CVE-2010-1194
The connected sources confirm CVE-2010-1194 affects libESMTP (notably 1.0.3.r1 and 1.0.4) where match_component in smtp-tls.c treats strings as equal if one is a substring of the other, enabling remote certificate spoofing via crafted subjectAltName. Public advisories (Mandriva) indicate patches ...
CVE-2010-1194
The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...