2 matches found
CVE-2010-1192
CVE-2010-1192 affects libESMTP (likely 1.0.4 and earlier). The issue is improper handling of a NULL ('\0') character in the domain name within the Common Name field of an X.509 certificate, enabling MITM attackers to spoof SSL servers via a certificate issued by a legitimate CA. The description n...
CVE-2010-1194
The connected sources confirm CVE-2010-1194 affects libESMTP (notably 1.0.3.r1 and 1.0.4) where match_component in smtp-tls.c treats strings as equal if one is a substring of the other, enabling remote certificate spoofing via crafted subjectAltName. Public advisories (Mandriva) indicate patches ...