Executive Summary

Field | Value | Field | Value
---|---|---|---
Name | CVE-2009-2666 | First vendor publication | 2009-08-07
Vendor | CVE | Last vendor modification | 2018-10-10
Security-Database Scoring CVSS v3

CVSS v3 vector: N/A (this entry has not been scored under CVSS v3)

Metric | Score | Metric | Score
---|---|---|---
Overall CVSS Score | NA | |
Base Score | NA | Environmental Score | NA
Impact Sub Score | NA | Temporal Score | NA
Exploitability Sub Score | NA | |
Security-Database Scoring CVSS v2

CVSS v2 vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Metric | Score | Metric | Value
---|---|---|---
CVSS Base Score | 6.4 | Attack Range | Network
CVSS Impact Score | 4.9 | Attack Complexity | Low
CVSS Exploit Score | 10 | Authentication | None Required
Detail

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

The CN in an X.509 subject is an ASN.1 string carrying an explicit length, so a NUL byte is a legal character inside it. A CA that validates only the registrable domain at the end of the requested name can be induced to issue a certificate for a CN such as "mail.example.com\0.attacker.example"; a client that copies that CN into a C buffer and compares it with C string routines stops at the NUL and accepts the certificate as one for "mail.example.com". fetchmail 6.3.11 rejects certificates whose CN contains an embedded NUL.
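The vulnerable and the fixed comparison, side by side, as an added illustration in C that is not fetchmail's socket.c or any other code from the project. The certificate CN is modelled as a length-carrying byte buffer, get_cn_text() stands in for OpenSSL's X509_NAME_get_text_by_NID() (which copies the CN into a caller buffer, NUL-terminates it and returns the ASN.1 length), and the sample CNs, the hostnames and the function names are all constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the subject CN as it arrives from the certificate:
 * DER carries an explicit length, so a '\0' byte is a legal character inside it
 * and len may be larger than strlen() of the same bytes. */
struct cn_field {
    const unsigned char *data;
    size_t len;
};

/* Mimics X509_NAME_get_text_by_NID(): copies the CN bytes into buf,
 * NUL-terminates it and returns the ASN.1 length (not strlen(buf)). */
static int get_cn_text(const struct cn_field *cn, char *buf, size_t buflen)
{
    if (cn->len >= buflen)
        return -1;
    memcpy(buf, cn->data, cn->len);
    buf[cn->len] = '\0';
    return (int)cn->len;
}

/* Case-insensitive C string compare (hostnames are case-insensitive). */
static int host_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* Vulnerable pattern: buf is treated as a C string, so the comparison
 * stops at the first NUL and "mail.example.com\0.attacker.test"
 * compares equal to "mail.example.com". */
int cn_matches_vulnerable(const struct cn_field *cn, const char *expected)
{
    char buf[256];
    if (get_cn_text(cn, buf, sizeof buf) < 0)
        return 0;
    return host_equal(buf, expected);
}

/* Fixed pattern: the length the library reports must equal strlen(buf);
 * any disagreement means an embedded NUL, and the certificate is rejected
 * before any name comparison takes place. */
int cn_matches_fixed(const struct cn_field *cn, const char *expected)
{
    char buf[256];
    int n = get_cn_text(cn, buf, sizeof buf);
    if (n < 0 || (size_t)n != strlen(buf))
        return 0;
    return host_equal(buf, expected);
}

/* Constructed sample CNs. The second is what a CA that only checks the
 * trailing domain (attacker.test) would sign; the NUL sits after the
 * victim hostname. sizeof-1 drops only the literal's own terminator. */
static const unsigned char legit_bytes[] = "mail.example.com";
static const unsigned char spoof_bytes[] = "mail.example.com\0.attacker.test";
const struct cn_field legit_cn = { legit_bytes, sizeof legit_bytes - 1 };
const struct cn_field spoof_cn = { spoof_bytes, sizeof spoof_bytes - 1 };

int main(void)
{
    const char *host = "mail.example.com";
    printf("legit CN : vulnerable=%d fixed=%d\n",
           cn_matches_vulnerable(&legit_cn, host), cn_matches_fixed(&legit_cn, host));
    printf("spoof CN : vulnerable=%d fixed=%d\n",
           cn_matches_vulnerable(&spoof_cn, host), cn_matches_fixed(&spoof_cn, host));
    return 0;
}
```

The length check is the minimal fix for this class of bug; the broader lesson is to never hand certificate name fields to C string functions at all. Current OpenSSL releases provide X509_check_host() and X509_VERIFY_PARAM_set1_host(), which compare against the ASN.1 length and also consult subjectAltName, and a client that uses them does not need to re-implement the check above.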
Original Source

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666
CWE: Common Weakness Enumeration

% | Id | Name
---|---|---
100 % | CWE-310 | Cryptographic Issues
OVAL Definitions

Definition Id | oval:org.mitre.oval:def:11059
---|---
Title / Description | socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family | unix
Class | vulnerability
Reference(s) | CVE-2009-2666
Version | 5
Platform(s) | Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Product(s) | (none listed)

Definition Id | oval:org.mitre.oval:def:13893
---|---
Title | USN-816-1 -- fetchmail vulnerability
Description | Moxie Marlinspike discovered that fetchmail did not properly handle certificates with NULL characters in the certificate name. A remote attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications.
Family | unix
Class | patch
Reference(s) | USN-816-1, CVE-2009-2666
Version | 5
Platform(s) | Ubuntu 6.06, Ubuntu 8.04, Ubuntu 8.10, Ubuntu 9.04
Product(s) | fetchmail

Definition Id | oval:org.mitre.oval:def:22871
---|---
Title | ELSA-2009:1427: fetchmail security update (Moderate)
Description | socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family | unix
Class | patch
Reference(s) | ELSA-2009:1427-01, CVE-2007-4565, CVE-2008-2711, CVE-2009-2666
Version | 17
Platform(s) | Oracle Linux 5
Product(s) | fetchmail

Definition Id | oval:org.mitre.oval:def:29379
---|---
Title | RHSA-2009:1427 -- fetchmail security update (Moderate)
Description | An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Family | unix
Class | patch
Reference(s) | RHSA-2009:1427, CESA-2009:1427-CentOS 3, CESA-2009:1427-CentOS 5, CVE-2007-4565, CVE-2008-2711, CVE-2009-2666
Version | 3
Platform(s) | Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 3, CentOS Linux 5
Product(s) | fetchmail
OpenVAS Exploits

The entries below are OpenVAS NVTs that detect a missing vendor update by package version; they are detection checks, not exploit code.

Date | Name | File
---|---|---
2011-08-09 | CentOS Update for fetchmail CESA-2009:1427 centos3 i386 | nvt/gb_CESA-2009_1427_fetchmail_centos3_i386.nasl
2011-08-09 | CentOS Update for fetchmail CESA-2009:1427 centos4 i386 | nvt/gb_CESA-2009_1427_fetchmail_centos4_i386.nasl
2011-08-09 | CentOS Update for fetchmail CESA-2009:1427 centos5 i386 | nvt/gb_CESA-2009_1427_fetchmail_centos5_i386.nasl
2011-03-09 | Gentoo Security Advisory GLSA 201006-12 (fetchmail) | nvt/glsa_201006_12.nasl
2010-05-12 | Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 | nvt/macosx_upd_10_6_2_secupd_2009-006.nasl
2009-12-10 | Mandriva Security Advisory MDVSA-2009:201-1 (fetchmail) | nvt/mdksa_2009_201_1.nasl
2009-10-13 | SLES10: Security update for fetchmail | nvt/sles10_fetchmail.nasl
2009-10-11 | SLES11: Security update for fetchmail | nvt/sles11_fetchmail.nasl
2009-10-10 | SLES9: Security update for fetchmail | nvt/sles9p5055302.nasl
2009-09-15 | CentOS Security Advisory CESA-2009:1427 (fetchmail) | nvt/ovcesa2009_1427.nasl
2009-09-09 | RedHat Security Advisory RHSA-2009:1427 | nvt/RHSA_2009_1427.nasl
2009-09-09 | Fedora Core 10 FEDORA-2009-8770 (fetchmail) | nvt/fcore_2009_8770.nasl
2009-09-09 | Fedora Core 11 FEDORA-2009-8780 (fetchmail) | nvt/fcore_2009_8780.nasl
2009-08-17 | Ubuntu USN-816-1 (fetchmail) | nvt/ubuntu_816_1.nasl
2009-08-17 | SuSE Security Advisory SUSE-SA:2009:044 (subversion) | nvt/suse_sa_2009_044.nasl
2009-08-17 | Mandrake Security Advisory MDVSA-2009:201 (fetchmail) | nvt/mdksa_2009_201.nasl
2009-08-17 | FreeBSD Ports: fetchmail | nvt/freebsd_fetchmail12.nasl
2009-08-17 | Debian Security Advisory DSA 1852-1 (fetchmail) | nvt/deb_1852_1.nasl
(no date recorded) | Slackware Advisory SSA:2009-218-01 fetchmail | nvt/esoft_slk_ssa_2009_218_01.nasl
Open Source Vulnerability Database (OSVDB)

Id | Description
---|---
56855 | Fetchmail X.509 Certificate Authority (CA) Common Name Null Byte Handling SSL...
Nessus® Vulnerability Scanner

All plugins listed are of type ACT_GATHER_INFO (local package-version checks).

Date | Name | File
---|---|---
2013-07-12 | The remote Oracle Linux host is missing a security update. | oraclelinux_ELSA-2009-1427.nasl
2012-08-01 | The remote Scientific Linux host is missing a security update. | sl_20090908_fetchmail_on_SL3_x.nasl
2010-06-02 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-201006-12.nasl
2010-02-24 | The remote Debian host is missing a security-related update. | debian_DSA-1852.nasl
2009-11-09 | The remote host is missing a Mac OS X update that fixes various security issues. | macosx_10_6_2.nasl
2009-11-09 | The remote host is missing a Mac OS X update that fixes various security issues. | macosx_SecUpd2009-006.nasl
2009-10-06 | The remote openSUSE host is missing a security update. | suse_fetchmail-6410.nasl
2009-09-24 | The remote SuSE 10 host is missing a security-related patch. | suse_fetchmail-6409.nasl
2009-09-24 | The remote SuSE 11 host is missing one or more security updates. | suse_11_fetchmail-090807.nasl
2009-09-24 | The remote SuSE 9 host is missing a security-related patch. | suse9_12468.nasl
2009-09-09 | The remote CentOS host is missing a security update. | centos_RHSA-2009-1427.nasl
2009-09-09 | The remote Red Hat host is missing a security update. | redhat-RHSA-2009-1427.nasl
2009-09-04 | The remote Fedora host is missing a security update. | fedora_2009-8780.nasl
2009-09-04 | The remote Fedora host is missing a security update. | fedora_2009-8770.nasl
2009-08-13 | The remote Mandriva Linux host is missing one or more security updates. | mandriva_MDVSA-2009-201.nasl
2009-08-13 | The remote Ubuntu host is missing one or more security-related patches. | ubuntu_USN-816-1.nasl
2009-08-12 | The remote FreeBSD host is missing a security-related update. | freebsd_pkg_5179d85c868311de91b90022157515b2.nasl
2009-08-12 | The remote openSUSE host is missing a security update. | suse_11_0_fetchmail-090807.nasl
2009-08-12 | The remote openSUSE host is missing a security update. | suse_11_1_fetchmail-090807.nasl
2009-08-07 | The remote Slackware host is missing a security update. | Slackware_SSA_2009-218-01.nasl
Alert History

Date | Information
---|---
2021-05-05 01:06:06 | -
2021-05-04 12:09:52 | -
2021-04-22 01:10:14 | -
2020-05-23 01:40:41 | -
2020-05-23 00:24:06 | -
2018-10-11 00:19:39 | -
2017-09-19 09:23:19 | -
2016-06-28 17:47:03 | -
2016-04-26 19:00:39 | -
2014-02-17 10:51:00 | -
2013-05-10 23:54:45 | -