VDB

GCVE-110-MAGEIA-2015-165

GCVE-110-MAGEIA-2015-165
Advisory Published
Vulnetix · Advisory published April 23, 2015
Updated lftp packages fix security vulnerability: lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site (CVE-2014-0139). lftp was affected by this issue as it uses code from cURL for checking SSL certificates. The curl package was fixed in MGASA-2014-0153.

Affected Products

VendorProductVersionsPlatforms
Mageiaperl-Tk0 (affected), 804.33.0-1.mga5 (unaffected)
Mageialftp0 (affected), 4.4.14-1.1.mga4 (unaffected), 4.4.14-1.1.mga4 (unaffected), 0 (affected)

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›