Lucene search
Ubuntu.comUB:CVE-2009-2702HistorySep 08, 2009 - 12:00 a.m.
CVE-2009-2702
2009-09-0800:00:00
ubuntu.com
ubuntu.com
9
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
32.1%
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a ‘\0’
character in a domain name in the Subject Alternative Name field of an
X.509 certificate, which allows man-in-the-middle attackers to spoof
arbitrary SSL servers via a crafted certificate issued by a legitimate
Certification Authority, a related issue to CVE-2009-2408.
Notes
| Author | Note |
|---|---|
| jdstrand | kde4libs not as serious since KDE4 has moved to Qt4. However, it should be fixed due to other applications may use it. Also, by nad checin verification (ie non-netowork) will use kssl. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 8.10 | noarch | kde4libs | < 4:4.1.4-0ubuntu1~intrepid1.3 | UNKNOWN |
| ubuntu | 9.04 | noarch | kde4libs | < 4:4.2.2-0ubuntu5.2 | UNKNOWN |
| ubuntu | 9.10 | noarch | kde4libs | < 4:4.3.1-0ubuntu3 | UNKNOWN |
| ubuntu | 10.04 | noarch | kde4libs | < 4:4.3.1-0ubuntu3 | UNKNOWN |
| ubuntu | 8.04 | noarch | kdelibs | < 4:3.5.10-0ubuntu1~hardy1.3 | UNKNOWN |
| ubuntu | 8.10 | noarch | kdelibs | < 4:3.5.10-0ubuntu6.2 | UNKNOWN |
| ubuntu | 9.04 | noarch | kdelibs | < 4:3.5.10.dfsg.1-1ubuntu8.2 | UNKNOWN |
| ubuntu | 9.10 | noarch | kdelibs | < 4:3.5.10.dfsg.1-2ubuntu5 | UNKNOWN |
| ubuntu | 10.04 | noarch | kdelibs | < 4:3.5.10.dfsg.1-2ubuntu5 | UNKNOWN |
Related
debiancve
debiancve
cve
cve
prion
prion
Design/Logic Flaw
2009-09-08 18:30:00
Code injection
2009-07-30 19:30:00
Design/Logic Flaw
2011-03-16 22:55:00
nessus
nessus
Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2011:162)
2011-11-02 00:00:00
Debian DSA-1916-1 : kdelibs - insufficient input validation
2010-02-24 00:00:00
Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:028)
2010-07-30 00:00:00
openvas
openvas
Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)
2011-11-03 00:00:00
Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)
2011-11-03 00:00:00
Fedora Core 10 FEDORA-2009-9427 (akonadi)
2009-09-15 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: kdeedu-4.3.1-1.fc11
2009-09-15 07:39:23
[SECURITY] Fedora 11 Update: akonadi-1.2.1-1.fc11
2009-09-15 07:39:23
[SECURITY] Fedora 11 Update: kdelibs-experimental-4.3.1-1.fc11
2009-09-15 07:39:23
debian
debian
[SECURITY] [DSA 1916-1] New kdelibs packages fix SSL certificate verification weakness
2009-10-24 00:12:00
[Backports-security-announce] Security Update for proftpd-dfsg
2010-01-26 21:06:44
[Backports-security-announce] Security Update for proftpd-dfsg
2010-01-26 21:30:08
ubuntu
ubuntu
KDE-Libs vulnerability
2009-09-17 00:00:00
mozilla
mozilla
Compromise of SSL-protected communication — Mozilla
2009-08-01 00:00:00
threatpost
threatpost
Apple Safari
2009-12-29 21:50:26
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:33:40
seebug
seebug
Mozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞
2009-07-31 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-42
2009-08-07 00:00:00
KDE KSSL certificate spoofing
2011-04-11 00:00:00
fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666)
2009-08-08 00:00:00
exploitdb
exploitdb
ubuntucve
ubuntucve
f5
f5
SOL14909 - OpenSSL vulnerability CVE-2013-4248
2014-01-15 00:00:00
K15683 : Ruby vulnerability CVE-2013-4073
2014-10-09 00:00:00
K15638 : Python vulnerability CVE-2013-4238
2014-10-17 00:00:00
aix
aix
Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS
2010-03-29 15:54:57
talos
talos
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability
2017-04-28 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
32.1%
Related for UB:CVE-2009-2702