MidnightBSD

Advisories for stafford.uklinux

CVE-2010-1192 MEDIUM

libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310

Products Affected

Vendor Product Version
stafford.uklinux libesmtp 1.0.3
stafford.uklinux libesmtp 0.8.10
stafford.uklinux libesmtp 0.8.11
stafford.uklinux libesmtp 1.0
stafford.uklinux libesmtp 1.0.2
stafford.uklinux libesmtp 0.8.2
stafford.uklinux libesmtp 0.8.1
stafford.uklinux libesmtp 0.8.5
stafford.uklinux libesmtp 0.7.0
stafford.uklinux libesmtp 0.8.7
stafford.uklinux libesmtp 0.8.3
stafford.uklinux libesmtp 0.7.1
stafford.uklinux libesmtp 0.4
stafford.uklinux libesmtp 0.6
stafford.uklinux libesmtp 0.8.4
stafford.uklinux libesmtp 0.8.0
stafford.uklinux libesmtp 0.8.9
stafford.uklinux libesmtp 1.0.1
stafford.uklinux libesmtp 0.5
stafford.uklinux libesmtp 0.1
stafford.uklinux libesmtp 0.3
stafford.uklinux libesmtp 0.2
stafford.uklinux libesmtp 0.6.1
stafford.uklinux libesmtp *
stafford.uklinux libesmtp 0.8.6
stafford.uklinux libesmtp 0.8.12
stafford.uklinux libesmtp 0.8.8

CVE-2010-1194 MEDIUM

The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310

Products Affected

Vendor Product Version
stafford.uklinux libesmtp 1.0.3
stafford.uklinux libesmtp 0.8.10
stafford.uklinux libesmtp 0.8.11
stafford.uklinux libesmtp 1.0
stafford.uklinux libesmtp 1.0.4
stafford.uklinux libesmtp 1.0.2
stafford.uklinux libesmtp 0.8.2
stafford.uklinux libesmtp 0.8.1
stafford.uklinux libesmtp 0.8.5
stafford.uklinux libesmtp 0.7.0
stafford.uklinux libesmtp 0.8.7
stafford.uklinux libesmtp 0.8.3
stafford.uklinux libesmtp 0.7.1
stafford.uklinux libesmtp 0.4
stafford.uklinux libesmtp 0.6
stafford.uklinux libesmtp 0.8.4
stafford.uklinux libesmtp 0.8.0
stafford.uklinux libesmtp 0.8.9
stafford.uklinux libesmtp 1.0.1
stafford.uklinux libesmtp 0.5
stafford.uklinux libesmtp 0.1
stafford.uklinux libesmtp 0.3
stafford.uklinux libesmtp 0.2
stafford.uklinux libesmtp 0.6.1
stafford.uklinux libesmtp 0.8.6
stafford.uklinux libesmtp 0.8.12
stafford.uklinux libesmtp 0.8.8