Lucene search
UbuntuUSN-835-1HistorySep 21, 2009 - 12:00 a.m.
neon vulnerabilities
2009-09-2100:00:00
ubuntu.com
44
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
9.3 High
AI Score
Confidence
High
0.02 Low
EPSS
Percentile
89.0%
Releases
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04
- Ubuntu 6.06
Packages
- neon -
- neon27 -
Details
Joe Orton discovered that neon did not correctly handle SSL certificates
with zero bytes in the Common Name. A remote attacker could exploit this
to perform a machine-in-the-middle attack to view sensitive information or
alter encrypted communications.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.04 | noarch | libneon27 | < 0.28.2-6.1ubuntu0.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libneon25-dev | < 0.28.2-6.1ubuntu0.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libneon27-dbg | < 0.28.2-6.1ubuntu0.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libneon27-dev | < 0.28.2-6.1ubuntu0.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libneon27-gnutls | < 0.28.2-6.1ubuntu0.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libneon27-gnutls-dbg | < 0.28.2-6.1ubuntu0.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libneon27-gnutls-dev | < 0.28.2-6.1ubuntu0.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libneon27 | < 0.28.2-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libneon27-dbg | < 0.28.2-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libneon27-dev | < 0.28.2-2ubuntu0.1 | UNKNOWN |
Related
nessus
nessus
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : neon, neon27 vulnerabilities (USN-835-1)
2009-09-22 00:00:00
FreeBSD : neon -- NULL pointer dereference in Digest domain support (755fa519-80a9-11dd-8de5-0030843d3802)
2008-09-12 00:00:00
Mandriva Linux Security Advisory : libneon0.27 (MDVSA-2009:074)
2009-04-23 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-835-1)
2022-08-26 00:00:00
Fedora Update for neon FEDORA-2008-7661
2009-02-17 00:00:00
FreeBSD Ports: neon28
2008-09-17 00:00:00
prion
prion
Null pointer dereference
2008-08-27 15:21:00
Design/Logic Flaw
2009-08-21 17:30:00
cve
cve
CVE-2008-3746
2008-08-27 15:21:00
CVE-2009-2474
2009-08-21 17:30:00
freebsd
freebsd
neon -- NULL pointer dereference in Digest domain support
2008-08-15 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: neon-0.28.3-1.fc9
2008-10-16 02:07:23
debiancve
debiancve
CVE-2008-3746
2008-08-27 15:21:00
CVE-2009-2474
2009-08-21 17:30:00
ubuntucve
ubuntucve
CVE-2008-3746
2008-08-27 00:00:00
CVE-2009-2474
2009-08-21 00:00:00
cvelist
cvelist
CVE-2008-3746
2008-08-27 15:00:00
CVE-2009-2474
2009-08-21 17:00:00
nvd
nvd
CVE-2008-3746
2008-08-27 15:21:00
CVE-2009-2474
2009-08-21 17:30:00
oraclelinux
oraclelinux
neon security update
2009-09-21 00:00:00
centos
centos
neon security update
2009-09-22 13:46:23
securityvulns
securityvulns
libneon certificate spoofing
2009-08-25 00:00:00
[ MDVSA-2009:221 ] libneon0.27
2009-08-25 00:00:00
About the security content of Mac OS X v10.6.5 and Security Update 2010-007
2010-11-18 00:00:00
redhat
redhat
(RHSA-2009:1452) Moderate: neon security update
2009-09-21 00:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
9.3 High
AI Score
Confidence
High
0.02 Low
EPSS
Percentile
89.0%
Related for USN-835-1