CVE-2018-21029

Опубликовано: 30 окт. 2019

Источник: ubuntu

Приоритет: low

CVSS2: 7.5

CVSS3: 9.8

Описание

systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent)

Релиз	Статус	Примечание
bionic	not-affected	code not present
devel	not-affected	244.1-0ubuntu2
disco	ignored	end of life
eoan	not-affected	code not present
esm-infra-legacy/trusty	not-affected	code not present
esm-infra/bionic	not-affected	code not present
esm-infra/xenial	not-affected	code not present
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	not-affected	code not present

Показывать по

Ссылки на источники

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2018-21029

CVSS3: 6.3

redhat

больше 7 лет назад

CVE-2018-21029

CVSS3: 9.8

nvd

больше 6 лет назад

CVE-2018-21029

CVSS3: 9.8

msrc

больше 5 лет назад

Описание отсутствует

CVE-2018-21029

CVSS3: 9.8

debian

больше 6 лет назад

systemd 239 through 245 accepts any certificate signed by a trusted ce ...

GHSA-h2fw-qh29-9jv7

CVSS3: 9.8

github

больше 3 лет назад

systemd 239 through 243 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend.

7.5 High

CVSS2

9.8 Critical

CVSS3

CVE-2018-21029

Описание

Пакет systemd

Ссылки на источники

Связанные уязвимости