Summary
This host has libESMTP installed and is prone to multiple vulnerabilities.
Vulnerabilities Insight:
Multiple flaws are due to:
- An error in 'match_component()' function in 'smtp-tls.c' when processing substrings. It treats two strings as equal if one is a substring of the other, which allows attackers to spoof trusted certificates via a crafted subjectAltName.
- An error in handling of 'X.509 certificate'. It does not properly handle a '&qt?&qt' character in a domain name in the 'subject&qts Common Name' field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate.
Impact
Attackers can exploit this issue to conduct man-in-the-middle attacks to spoof arbitrary SSL servers and to spoof trusted certificates.
Impact Level: Application
Solution
Apply patch from below links,
https://bugzilla.redhat.com/attachment.cgi?id=399131&action=edit https://bugzilla.redhat.com/attachment.cgi?id=398839&action=edit
*****
NOTE: Ignore this warning, if above mentioned patch is manually applied.
*****
Affected
libESMTP version 1.0.4 and prior.
References
Severity
Classification
-
CVE CVE-2010-1192, CVE-2010-1194 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Safari 'javascript: URI' XSS Vulnerability - Sep09
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Aug14 (Mac OS X)
- Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)
- APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Win)