Summary
Detail | |||
---|---|---|---|
Vendor | Martin Lambers | First view | 2009-11-16 |
Product | Msmtp | Last view | 2009-11-16 |
Version | Type | Application | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.4 | 2009-11-16 | CVE-2009-3942 | Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-310 | Cryptographic Issues |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
59960 | msmtp X.509 Certificate Multiple Fields NULL Character Spoofing SSL MiTM Weak... |
OpenVAS Exploits
id | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-34 (msmtp) File : nvt/glsa_201206_34.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2012-06-26 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201206-34.nasl - Type: ACT_GATHER_INFO |
2010-01-20 | Name: The remote openSUSE host is missing a security update. File: suse_11_0_msmtp-100118.nasl - Type: ACT_GATHER_INFO |
2010-01-20 | Name: The remote openSUSE host is missing a security update. File: suse_11_1_msmtp-100118.nasl - Type: ACT_GATHER_INFO |
2010-01-20 | Name: The remote openSUSE host is missing a security update. File: suse_11_2_msmtp-100117.nasl - Type: ACT_GATHER_INFO |