92 matches found
Mandriva Linux Security Advisory : libesmtp (MDVSA-2010:195)
Multiple vulnerabilities has been found and corrected in libesmtp : libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' NUL character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL...
Security fix for the ALT Linux 6 package libesmtp version 1.0.6-alt1
Oct. 5, 2010 Vladimir Lettiev 1.0.6-alt1 - New version 1.0.6: + Fixed CVE-2010-1192, CVE-2010-1194 certificate validation flaws - Build changes: + Disabled static build + Fixed install section + Plugins moved from devel subpackage to the main...
Security fix for the ALT Linux 5 package libesmtp version 1.0.4-alt2.1.0.M50P.1
Oct. 5, 2010 Vladimir Lettiev 1.0.4-alt2.1.0.M50P.1 - Fixed CVE-2010-1192, CVE-2010-1194 certificate validation flaws. Fix backported from 1.0.6...
openSUSE Security Update : libesmtp (openSUSE-SU-2010:0220-1)
libesmtp did not properly handle wildcards and embedded null characters in the Common Name of X.509 certificates CVE-2010-1192, CVE-2010-1194. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
libESMTP multiple vulnerabilities
This host has libESMTP installed and is prone to multiple vulnerabilities. Vulnerabilities Insight: Multiple flaws are due to: - An error in 'matchcomponent' function in 'smtp-tls.c' when processing substrings. It treats two strings as equal if one is a substring of the other, which allows...
libESMTP <= 1.0.4 Multiple Vulnerabilities
libESMTP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:stafford.uklinux:libesmtp";...
libESMTP Detection (Linux/Unix SSH Login)
SSH login-based detection of libESMTP. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.800496";...
CVE-2010-1194
The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
Code injection
The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
CVE-2010-1192
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
CVE-2010-1194
The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
DEBIAN-CVE-2010-1194
The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
DEBIAN-CVE-2010-1192
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
CVE-2010-1192
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
CVE-2010-1192
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
CVE-2010-1194
The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
Design/Logic Flaw
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
CVE-2010-1194
The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
CVE-2010-1192
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
CVE-2010-1194
The connected sources confirm CVE-2010-1194 affects libESMTP (notably 1.0.3.r1 and 1.0.4) where match_component in smtp-tls.c treats strings as equal if one is a substring of the other, enabling remote certificate spoofing via crafted subjectAltName. Public advisories (Mandriva) indicate patches ...