92 matches found
Mandriva Linux Security Advisory : libesmtp (MDVSA-2010:195)
Multiple vulnerabilities have been found and corrected in libesmtp: libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL...
Security fix for the ALT Linux 6 package libesmtp version 1.0.6-alt1
Oct. 5, 2010 Vladimir Lettiev 1.0.6-alt1 - New version 1.0.6: + Fixed CVE-2010-1192, CVE-2010-1194 certificate validation flaws - Build changes: + Disabled static build + Fixed install section + Plugins moved from devel subpackage to the main...
Security fix for the ALT Linux 5 package libesmtp version 1.0.4-alt2.1.0.M50P.1
Oct. 5, 2010 Vladimir Lettiev 1.0.4-alt2.1.0.M50P.1 - Fixed CVE-2010-1192, CVE-2010-1194 certificate validation flaws. Fix backported from 1.0.6...
openSUSE Security Update : libesmtp (openSUSE-SU-2010:0220-1)
libesmtp did not properly handle wildcards and embedded null characters in the Common Name of X.509 certificates (CVE-2010-1192, CVE-2010-1194). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
libESMTP multiple vulnerabilities
This host has libESMTP installed and is prone to multiple vulnerabilities. Vulnerabilities Insight: Multiple flaws are due to: - An error in 'match_component' function in 'smtp-tls.c' when processing substrings. It treats two strings as equal if one is a substring of the other, which allows...
libESMTP Detection (Linux/Unix SSH Login)
SSH login-based detection of libESMTP. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.800496");...
libESMTP <= 1.0.4 Multiple Vulnerabilities
libESMTP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:stafford.uklinux:libesmtp";...
Code injection
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
CVE-2010-1192
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
CVE-2010-1192
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
CVE-2010-1194
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
DEBIAN-CVE-2010-1194
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
CVE-2010-1194
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
CVE-2010-1192
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
CVE-2010-1194
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
DEBIAN-CVE-2010-1192
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
Design/Logic Flaw
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
CVE-2010-1194
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
CVE-2010-1192
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
CVE-2010-1192
CVE-2010-1192 affects libESMTP (likely 1.0.4 and earlier). The issue is improper handling of a NUL ('\0') character in the domain name within the Common Name field of an X.509 certificate, enabling MITM attackers to spoof SSL servers via a certificate issued by a legitimate CA. The description n...