Lucene search
HistoryNov 16, 2009 - 7:30 p.m.
CVE-2009-3942
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.1
Confidence
High
EPSS
0.003
Percentile
65.2%
Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a ‘\0’ character in a domain name in the (1) subject’s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Affected configurations
Node
martin_lambersmsmtpRange≤1.4.18
ORmartin_lambersmsmtpMatch0.2.5
ORmartin_lambersmsmtpMatch0.2.6
ORmartin_lambersmsmtpMatch0.3.0
ORmartin_lambersmsmtpMatch0.3.1
ORmartin_lambersmsmtpMatch0.4.0
ORmartin_lambersmsmtpMatch0.4.1
ORmartin_lambersmsmtpMatch0.4.2
ORmartin_lambersmsmtpMatch0.5.0
ORmartin_lambersmsmtpMatch0.5.1
ORmartin_lambersmsmtpMatch0.5.2
ORmartin_lambersmsmtpMatch0.5.3
ORmartin_lambersmsmtpMatch0.6.0
ORmartin_lambersmsmtpMatch0.6.1
ORmartin_lambersmsmtpMatch0.6.2
ORmartin_lambersmsmtpMatch0.6.3
ORmartin_lambersmsmtpMatch0.6.4
ORmartin_lambersmsmtpMatch0.6.5
ORmartin_lambersmsmtpMatch0.6.6
ORmartin_lambersmsmtpMatch0.7.0
ORmartin_lambersmsmtpMatch0.7.1
ORmartin_lambersmsmtpMatch0.7.2
ORmartin_lambersmsmtpMatch1.0.0
ORmartin_lambersmsmtpMatch1.2.0
ORmartin_lambersmsmtpMatch1.2.1
ORmartin_lambersmsmtpMatch1.2.2
ORmartin_lambersmsmtpMatch1.2.3
ORmartin_lambersmsmtpMatch1.2.4
ORmartin_lambersmsmtpMatch1.4.0
ORmartin_lambersmsmtpMatch1.4.1
ORmartin_lambersmsmtpMatch1.4.2
ORmartin_lambersmsmtpMatch1.4.3
ORmartin_lambersmsmtpMatch1.4.4
ORmartin_lambersmsmtpMatch1.4.5
ORmartin_lambersmsmtpMatch1.4.6
ORmartin_lambersmsmtpMatch1.4.7
ORmartin_lambersmsmtpMatch1.4.8
ORmartin_lambersmsmtpMatch1.4.9
ORmartin_lambersmsmtpMatch1.4.10
ORmartin_lambersmsmtpMatch1.4.11
ORmartin_lambersmsmtpMatch1.4.12
ORmartin_lambersmsmtpMatch1.4.13
ORmartin_lambersmsmtpMatch1.4.14
ORmartin_lambersmsmtpMatch1.4.15
ORmartin_lambersmsmtpMatch1.4.16
ORmartin_lambersmsmtpMatch1.4.17
| Vendor | Product | Version | CPE |
|---|---|---|---|
| martin_lambers | msmtp | * | cpe:2.3:a:martin_lambers:msmtp:*:*:*:*:*:*:*:* |
| martin_lambers | msmtp | 0.2.5 | cpe:2.3:a:martin_lambers:msmtp:0.2.5:*:*:*:*:*:*:* |
| martin_lambers | msmtp | 0.2.6 | cpe:2.3:a:martin_lambers:msmtp:0.2.6:*:*:*:*:*:*:* |
| martin_lambers | msmtp | 0.3.0 | cpe:2.3:a:martin_lambers:msmtp:0.3.0:*:*:*:*:*:*:* |
| martin_lambers | msmtp | 0.3.1 | cpe:2.3:a:martin_lambers:msmtp:0.3.1:*:*:*:*:*:*:* |
| martin_lambers | msmtp | 0.4.0 | cpe:2.3:a:martin_lambers:msmtp:0.4.0:*:*:*:*:*:*:* |
| martin_lambers | msmtp | 0.4.1 | cpe:2.3:a:martin_lambers:msmtp:0.4.1:*:*:*:*:*:*:* |
| martin_lambers | msmtp | 0.4.2 | cpe:2.3:a:martin_lambers:msmtp:0.4.2:*:*:*:*:*:*:* |
| martin_lambers | msmtp | 0.5.0 | cpe:2.3:a:martin_lambers:msmtp:0.5.0:*:*:*:*:*:*:* |
| martin_lambers | msmtp | 0.5.1 | cpe:2.3:a:martin_lambers:msmtp:0.5.1:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2009-11-16 19:30:00
Code injection
2009-07-30 19:30:00
Design/Logic Flaw
2009-09-08 18:30:00
ubuntucve
ubuntucve
cvelist
cvelist
debiancve
debiancve
cve
cve
nessus
nessus
openSUSE Security Update : msmtp (msmtp-1813)
2010-01-20 00:00:00
openSUSE Security Update : msmtp (msmtp-1813)
2010-01-20 00:00:00
GLSA-201206-34 : msmtp: X.509 NULL spoofing vulnerability
2012-06-26 00:00:00
gentoo
gentoo
msmtp: X.509 NULL spoofing vulnerability
2012-06-25 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201206-34 (msmtp)
2012-08-10 00:00:00
Gentoo Security Advisory GLSA 201206-34 (msmtp)
2012-08-10 00:00:00
SLES11: Security update for mutt
2009-10-11 00:00:00
threatpost
threatpost
Apple Safari
2009-12-29 21:50:26
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:33:40
nvd
nvd
seebug
seebug
Mozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞
2009-07-31 00:00:00
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability(CVE-2017-2801)
2017-09-19 00:00:00
mozilla-thunderbird多个安全漏洞
2009-10-10 00:00:00
mozilla
mozilla
Compromise of SSL-protected communication — Mozilla
2009-08-01 00:00:00
exploitdb
exploitdb
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-42
2009-08-07 00:00:00
fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666)
2009-08-08 00:00:00
[ MDVSA-2009:203 ] curl
2009-08-17 00:00:00
f5
f5
SOL14909 - OpenSSL vulnerability CVE-2013-4248
2014-01-15 00:00:00
K15638 : Python vulnerability CVE-2013-4238
2014-10-17 00:00:00
K15683 : Ruby vulnerability CVE-2013-4073
2014-10-09 00:00:00
aix
aix
Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS
2010-03-29 15:54:57
debian
debian
[Backports-security-announce] Security Update for proftpd-dfsg
2010-01-26 21:06:44
[Backports-security-announce] Security Update for proftpd-dfsg
2010-01-26 21:30:08
rubygems
rubygems
CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client
2013-06-26 20:00:00
talos
talos
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability
2017-04-28 00:00:00
amazon
amazon
Medium: python27
2013-09-04 13:31:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.1
Confidence
High
EPSS
0.003
Percentile
65.2%
Related for NVD:CVE-2009-3942