Описание
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 1.0.6-1build1 |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needed |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | not-affected | 1.0.4-4 |
| maverick | not-affected | 1.0.4-5 |
| natty | not-affected | 1.0.6-1 |
| upstream | released | 1.0.4-2 |
Показывать по
6.8 Medium
CVSS2
Связанные уязвимости
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and p ...
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.
6.8 Medium
CVSS2