CVE-2010-1194
Published: 31 March 2010
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.
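The comparison flaw described above, as an added C example that is not libESMTP's code: the hypothetical `label_eq_flawed` stops at the end of the shorter label (the prefix case of the substring condition), while `label_eq_strict` requires equal lengths before comparing. All function names and host names here are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical flawed label comparison: it stops at the end of the shorter
 * label, so "m" is accepted for "mail" (prefix case of the substring bug). */
static int label_eq_flawed(const char *a, size_t alen,
                           const char *b, size_t blen)
{
    size_t n = alen < blen ? alen : blen;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;   /* never checks that both labels ended together */
}

/* Hardened form: lengths must agree before any bytes are compared. */
static int label_eq_strict(const char *a, size_t alen,
                           const char *b, size_t blen)
{
    if (alen != blen)
        return 0;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

typedef int (*label_eq_fn)(const char *, size_t, const char *, size_t);

/* Compare a certificate dNSName against the expected host, label by label,
 * using the supplied label comparison. Wildcard names are out of scope. */
int host_matches(const char *san, const char *host, label_eq_fn eq)
{
    for (;;) {
        size_t sl = strcspn(san, "."), hl = strcspn(host, ".");
        if (!eq(san, sl, host, hl))
            return 0;
        san += sl;
        host += hl;
        if (*san == '\0' || *host == '\0')   /* one name ran out of labels */
            return *san == '\0' && *host == '\0';
        san++;   /* step over the dot on both sides */
        host++;
    }
}
```
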
Priority
Status
| Package | Release | Status |
|---|---|---|
| libesmtp Launchpad, Ubuntu, Debian | dapper | Ignored (end of life) |
|  | hardy | Ignored (end of life) |
|  | intrepid | Ignored (end of life, was needed) |
|  | jaunty | Ignored (end of life) |
|  | karmic | Ignored (end of life) |
|  | lucid | Not vulnerable (1.0.4-4) |
|  | maverick | Not vulnerable (1.0.4-5) |
|  | natty | Not vulnerable (1.0.6-1) |
|  | upstream | Released (1.0.4-2) |