Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-2666HistoryAug 07, 2009 - 7:00 p.m.
CVE-2009-2666
2009-08-0719:00:00
Debian Security Bug Tracker
security-tracker.debian.org
17
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
50.4%
socket.c in fetchmail before 6.3.11 does not properly handle a ‘\0’ character in a domain name in the subject’s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | fetchmail | < 6.3.9~rc2-6 | fetchmail_6.3.9~rc2-6_all.deb |
| Debian | 11 | all | fetchmail | < 6.3.9~rc2-6 | fetchmail_6.3.9~rc2-6_all.deb |
| Debian | 10 | all | fetchmail | < 6.3.9~rc2-6 | fetchmail_6.3.9~rc2-6_all.deb |
| Debian | 999 | all | fetchmail | < 6.3.9~rc2-6 | fetchmail_6.3.9~rc2-6_all.deb |
| Debian | 13 | all | fetchmail | < 6.3.9~rc2-6 | fetchmail_6.3.9~rc2-6_all.deb |
Related
prion
prion
Design/Logic Flaw
2009-08-07 19:00:00
Code injection
2009-07-30 19:30:00
Design/Logic Flaw
2010-01-04 21:30:00
openvas
openvas
Mandriva Security Advisory MDVSA-2009:201-1 (fetchmail)
2009-12-10 00:00:00
FreeBSD Ports: fetchmail
2009-08-17 00:00:00
Mandrake Security Advisory MDVSA-2009:201 (fetchmail)
2009-08-17 00:00:00
cve
cve
ubuntucve
ubuntucve
nessus
nessus
Mandriva Linux Security Advisory : fetchmail (MDVSA-2009:201-1)
2009-08-13 00:00:00
Fedora 11 : fetchmail-6.3.9-5.fc11 (2009-8780)
2009-09-04 00:00:00
openSUSE Security Update : fetchmail (fetchmail-1179)
2009-08-12 00:00:00
securityvulns
securityvulns
fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666)
2009-08-08 00:00:00
fetchmail certificate spoofing
2009-08-08 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:36:12
Man-in-the-Middle (MitM)
2020-04-10 00:33:40
altlinux
altlinux
Security fix for the ALT Linux 5 package fetchmail version 6.3.13-alt1
2010-01-01 00:00:00
Security fix for the ALT Linux 6 package fetchmail version 6.3.13-alt1
2010-01-01 00:00:00
seebug
seebug
Fetchmail SSL证书空字符验证漏洞
2009-08-09 00:00:00
Mozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞
2009-07-31 00:00:00
ubuntu
ubuntu
fetchmail vulnerability
2009-08-12 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: fetchmail-6.3.8-9.fc10
2009-09-04 04:08:14
[SECURITY] Fedora 11 Update: fetchmail-6.3.9-5.fc11
2009-09-04 04:05:36
freebsd
freebsd
fetchmail -- improper SSL certificate subject verification
2009-08-06 00:00:00
mozilla
mozilla
Compromise of SSL-protected communication — Mozilla
2009-08-01 00:00:00
slackware
slackware
fetchmail
2009-08-06 01:10:24
debian
debian
[SECURITY] [DSA 1852-1] New fetchmail packages fix SSL certificate verification weakness
2009-08-07 15:31:48
[Backports-security-announce] Security Update for proftpd-dfsg
2010-01-26 21:30:08
[Backports-security-announce] Security Update for proftpd-dfsg
2010-01-26 21:06:44
threatpost
threatpost
Apple Safari
2009-12-29 21:50:26
exploitdb
exploitdb
debiancve
debiancve
suse
suse
remote code execution in subversion
2009-08-14 11:06:32
gentoo
gentoo
Fetchmail: Multiple vulnerabilities
2010-06-01 00:00:00
talos
talos
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability
2017-04-28 00:00:00
f5
f5
SOL14909 - OpenSSL vulnerability CVE-2013-4248
2014-01-15 00:00:00
K15683 : Ruby vulnerability CVE-2013-4073
2014-10-09 00:00:00
K15638 : Python vulnerability CVE-2013-4238
2014-10-17 00:00:00
aix
aix
Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS
2010-03-29 15:54:57
amazon
amazon
Medium: python27
2013-09-04 13:31:00
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
50.4%
Related for DEBIANCVE:CVE-2009-2666