Candidate: CVE-2010-1194
PublicDate: 2010-03-31 18:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1194
 http://www.openwall.com/lists/oss-security/2010/03/09/3
Description:
 The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and
 possibly other versions including 1.0.4, treats two strings as equal if
 one is a substring of the other, which allows remote attackers to spoof
 trusted certificates via a crafted subjectAltName.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311191
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_libesmtp:
upstream_libesmtp: released (1.0.4-2)
dapper_libesmtp: ignored (reached end-of-life)
hardy_libesmtp: ignored (reached end-of-life)
intrepid_libesmtp: needed (reached end-of-life)
jaunty_libesmtp: ignored (reached end-of-life)
karmic_libesmtp: ignored (reached end-of-life)
lucid_libesmtp: not-affected (1.0.4-4)
maverick_libesmtp: not-affected (1.0.4-5)
natty_libesmtp: not-affected (1.0.6-1)
devel_libesmtp: not-affected (1.0.6-1build1)