Back to search
CVE-2009-2409
Published: Jul 30, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
36139
third-party-advisory
x_refsource_SECUNIA
36157
third-party-advisory
x_refsource_SECUNIA
MDVSA-2009:197
vendor-advisory
x_refsource_MANDRIVA
MDVSA-2009:216
vendor-advisory
x_refsource_MANDRIVA
DSA-1888
vendor-advisory
x_refsource_DEBIAN
oval:org.mitre.oval:def:8594
vdb-entry
signature
x_refsource_OVAL
GLSA-200911-02
vendor-advisory
x_refsource_GENTOO
36434
third-party-advisory
x_refsource_SECUNIA
GLSA-200912-01
vendor-advisory
x_refsource_GENTOO
1022631
vdb-entry
x_refsource_SECTRACK
42467
third-party-advisory
x_refsource_SECUNIA
[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released
mailing-list
x_refsource_MLIST
RHSA-2009:1207
vendor-advisory
x_refsource_REDHAT
20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console
mailing-list
x_refsource_BUGTRAQ
36669
third-party-advisory
x_refsource_SECUNIA
RHSA-2009:1432
vendor-advisory
x_refsource_REDHAT
USN-810-1
vendor-advisory
x_refsource_UBUNTU
oval:org.mitre.oval:def:10763
vdb-entry
signature
x_refsource_OVAL
MDVSA-2009:258
vendor-advisory
x_refsource_MANDRIVA
USN-810-2
vendor-advisory
x_refsource_UBUNTU
http://java.sun.com/javase/6/webnotes/6u17.html
x_refsource_CONFIRM
oval:org.mitre.oval:def:7155
vdb-entry
signature
x_refsource_OVAL
[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released
mailing-list
x_refsource_MLIST
ADV-2010-3126
vdb-entry
x_refsource_VUPEN
RHSA-2010:0095
vendor-advisory
x_refsource_REDHAT
ADV-2009-3184
vdb-entry
x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409
x_refsource_CONFIRM
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2010-0019.html
x_refsource_CONFIRM
oval:org.mitre.oval:def:6631
vdb-entry
signature
x_refsource_OVAL
APPLE-SA-2009-11-09-1
vendor-advisory
x_refsource_APPLE
MDVSA-2010:084
vendor-advisory
x_refsource_MANDRIVA
37386
third-party-advisory
x_refsource_SECUNIA
ADV-2009-2085
vdb-entry
x_refsource_VUPEN
DSA-1874
vendor-advisory
x_refsource_DEBIAN
36739
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT3937
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now