Back to search
CVE-2009-2666
Published: Aug 7, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
MDVSA-2009:201
vendor-advisory
x_refsource_MANDRIVA
36175
third-party-advisory
x_refsource_SECUNIA
36236
third-party-advisory
x_refsource_SECUNIA
DSA-1852
vendor-advisory
x_refsource_DEBIAN
http://fetchmail.berlios.de/fetchmail-SA-2009-01.txt
x_refsource_CONFIRM
[oss-security] 20090805 Re: CVE request: fetchmail <= 6.3.10 SSL certificate
mailing-list
x_refsource_MLIST
20090806 fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666)
mailing-list
x_refsource_BUGTRAQ
SSA:2009-218-01
vendor-advisory
x_refsource_SLACKWARE
36179
third-party-advisory
x_refsource_SECUNIA
1022679
vdb-entry
x_refsource_SECTRACK
56855
vdb-entry
x_refsource_OSVDB
oval:org.mitre.oval:def:11059
vdb-entry
signature
x_refsource_OVAL
ADV-2009-3184
vdb-entry
x_refsource_VUPEN
ADV-2009-2155
vdb-entry
x_refsource_VUPEN
APPLE-SA-2009-11-09-1
vendor-advisory
x_refsource_APPLE
http://support.apple.com/kb/HT3937
x_refsource_CONFIRM
35951
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now