Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-1194

Опубликовано: 03 мар. 2010
Источник: redhat
CVSS2: 4.3

Описание

The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libesmtpAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=571817libESMTP: Multiple certificate validation flaws

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2010-1194

ubuntu
больше 15 лет назад

The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.

nvd логотип

CVE-2010-1194

nvd
больше 15 лет назад

The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.

debian логотип

CVE-2010-1194

debian
больше 15 лет назад

The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and p ...

github логотип

GHSA-wqwx-p8fg-v9px

github
больше 3 лет назад

The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.

4.3 Medium

CVSS2