Vulnerabilities > CVE-2009-2666 - Cryptographic Issues vulnerability in Fetchmail
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-006.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion last seen 2020-06-01 modified 2020-06-02 plugin id 42433 published 2009-11-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42433 title Mac OS X Multiple Vulnerabilities (Security Update 2009-006) code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(42433); script_version("1.27"); script_cve_id( "CVE-2007-5707", "CVE-2007-6698", "CVE-2008-0658", "CVE-2008-5161", "CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1574", "CVE-2009-1632", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2411", "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2666", "CVE-2009-2808", "CVE-2009-2818", "CVE-2009-2819", "CVE-2009-2820", "CVE-2009-2823", "CVE-2009-2824", "CVE-2009-2825", "CVE-2009-2826", "CVE-2009-2827", "CVE-2009-2828", "CVE-2009-2829", "CVE-2009-2831", "CVE-2009-2832", "CVE-2009-2833", "CVE-2009-2834", "CVE-2009-2837", "CVE-2009-2838", "CVE-2009-2839", "CVE-2009-2840", "CVE-2009-3111", "CVE-2009-3291", "CVE-2009-3292", "CVE-2009-3293" ); script_bugtraq_id( 26245, 27778, 34663, 35115, 35221, 35251, 35565, 35623, 35888, 35983, 36263, 36449, 36959, 36961, 36962, 36963, 36964, 36966, 36967, 36972, 36973, 36975, 36977, 36978, 36979, 36982, 36985, 36988, 36990 ); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)"); script_summary(english:"Check for the presence of Security Update 2009-006"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT3937" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" ); script_set_attribute( attribute:"see_also", value:"http://www.securityfocus.com/advisories/18255" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2009-006 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/09"); script_cvs_date("Date: 2018/07/16 12:48:31"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } uname = get_kb_item("Host/uname"); if (!uname) exit(1, "The 'Host/uname' KB item is missing."); pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$"; if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+")."); darwin = ereg_replace(pattern:pat, replace:"\1", string:uname); if (ereg(pattern:"^(9\.[0-8]\.)", string:darwin)) { packages = get_kb_item("Host/MacOSX/packages/boms"); if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing."); if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[6-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages)) exit(0, "The host has Security Update 2009-006 or later installed and therefore is not affected."); else security_hole(0); } else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");NASL family SuSE Local Security Checks NASL id SUSE_FETCHMAIL-6409.NASL description This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate last seen 2020-06-01 modified 2020-06-02 plugin id 41509 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41509 title SuSE 10 Security Update : fetchmail (ZYPP Patch Number 6409) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41509); script_version ("1.10"); script_cvs_date("Date: 2019/10/25 13:36:36"); script_cve_id("CVE-2009-2666"); script_name(english:"SuSE 10 Security Update : fetchmail (ZYPP Patch Number 6409)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate's subject name. (CVE-2009-2666)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-2666.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6409."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_cwe_id(310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/08/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:2, reference:"fetchmail-6.3.2-15.16")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"fetchmail-6.3.2-15.16")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"fetchmailconf-6.3.2-15.16")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1427.NASL description An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published last seen 2020-06-01 modified 2020-06-02 plugin id 40901 published 2009-09-09 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40901 title RHEL 3 / 4 / 5 : fetchmail (RHSA-2009:1427) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1427.NASL description From Red Hat Security Advisory 2009:1427 : An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published last seen 2020-06-01 modified 2020-06-02 plugin id 67920 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67920 title Oracle Linux 3 / 4 / 5 : fetchmail (ELSA-2009-1427) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1852.NASL description It was discovered that fetchmail, a full-featured remote mail retrieval and forwarding utility, is vulnerable to the last seen 2020-06-01 modified 2020-06-02 plugin id 44717 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44717 title Debian DSA-1852-1 : fetchmail - insufficient input validation NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_2.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion last seen 2020-06-01 modified 2020-06-02 plugin id 42434 published 2009-11-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42434 title Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_1_FETCHMAIL-090807.NASL description This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate last seen 2020-06-01 modified 2020-06-02 plugin id 40574 published 2009-08-12 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40574 title openSUSE Security Update : fetchmail (fetchmail-1179) NASL family SuSE Local Security Checks NASL id SUSE_FETCHMAIL-6410.NASL description This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate last seen 2020-06-01 modified 2020-06-02 plugin id 41998 published 2009-10-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41998 title openSUSE 10 Security Update : fetchmail (fetchmail-6410) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-816-1.NASL description Matthias Andree discovered that fetchmail did not properly handle certificates with NULL characters in the certificate name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40590 published 2009-08-13 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40590 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : fetchmail vulnerability (USN-816-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_5179D85C868311DE91B90022157515B2.NASL description Matthias Andree reports : Moxie Marlinspike demonstrated in July 2009 that some CAs would sign certificates that contain embedded NUL characters in the Common Name or subjectAltName fields of ITU-T X.509 certificates. Applications that would treat such X.509 strings as NUL-terminated C strings (rather than strings that contain an explicit length field) would only check the part up to and excluding the NUL character, so that certificate names such as www.good.example\0www.bad.example.com would be mistaken as a certificate name for www.good.example. fetchmail also had this design and implementation flaw. last seen 2020-06-01 modified 2020-06-02 plugin id 40571 published 2009-08-12 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40571 title FreeBSD : fetchmail -- improper SSL certificate subject verification (5179d85c-8683-11de-91b9-0022157515b2) NASL family Fedora Local Security Checks NASL id FEDORA_2009-8780.NASL description If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the last seen 2020-06-01 modified 2020-06-02 plugin id 40864 published 2009-09-04 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40864 title Fedora 11 : fetchmail-6.3.9-5.fc11 (2009-8780) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201006-12.NASL description The remote host is affected by the vulnerability described in GLSA-201006-12 (Fetchmail: Multiple vulnerabilities) Multiple vulnerabilities have been reported in Fetchmail: The sdump() function might trigger a heap-based buffer overflow during the escaping of non-printable characters with the high bit set from an X.509 certificate (CVE-2010-0562). The vendor reported that Fetchmail does not properly handle Common Name (CN) fields in X.509 certificates that contain an ASCII NUL character. Specifically, the processing of such fields is stopped at the first occurrence of a NUL character. This type of vulnerability was recently discovered by Dan Kaminsky and Moxie Marlinspike (CVE-2009-2666). Impact : A remote attacker could entice a user to connect with Fetchmail to a specially crafted SSL-enabled server in verbose mode, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. NOTE: The issue is only existent on platforms on which char is signed. Furthermore, a remote attacker might employ a specially crafted X.509 certificate, containing a NUL character in the Common Name field to conduct man-in-the-middle attacks on SSL connections made using Fetchmail. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 46779 published 2010-06-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46779 title GLSA-201006-12 : Fetchmail: Multiple vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1427.NASL description An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published last seen 2020-06-01 modified 2020-06-02 plugin id 40893 published 2009-09-09 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40893 title CentOS 3 / 4 / 5 : fetchmail (CESA-2009:1427) NASL family SuSE Local Security Checks NASL id SUSE_11_FETCHMAIL-090807.NASL description This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate last seen 2020-06-01 modified 2020-06-02 plugin id 41387 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41387 title SuSE 11 Security Update : fetchmail (SAT Patch Number 1171) NASL family Fedora Local Security Checks NASL id FEDORA_2009-8770.NASL description If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the last seen 2020-06-01 modified 2020-06-02 plugin id 40863 published 2009-09-04 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40863 title Fedora 10 : fetchmail-6.3.8-9.fc10 (2009-8770) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-201.NASL description A vulnerability has been found and corrected in fetchmail : socket.c in fetchmail before 6.3.11 does not properly handle a last seen 2020-06-01 modified 2020-06-02 plugin id 40585 published 2009-08-13 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40585 title Mandriva Linux Security Advisory : fetchmail (MDVSA-2009:201-1) NASL family Scientific Linux Local Security Checks NASL id SL_20090908_FETCHMAIL_ON_SL3_X.NASL description CVE-2007-4565 Fetchmail NULL pointer dereference CVE-2008-2711 fetchmail: Crash in large log messages in verbose mode CVE-2009-2666 fetchmail: SSL null terminator bypass It was discovered that fetchmail is affected by the previously published last seen 2020-06-01 modified 2020-06-02 plugin id 60662 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60662 title Scientific Linux Security Update : fetchmail on SL3.x, SL4.x, SL5.x i386/x86_64 NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2009-218-01.NASL description New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to a fix security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 40503 published 2009-08-07 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40503 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : fetchmail (SSA:2009-218-01) NASL family SuSE Local Security Checks NASL id SUSE_11_0_FETCHMAIL-090807.NASL description This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate last seen 2020-06-01 modified 2020-06-02 plugin id 40572 published 2009-08-12 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40572 title openSUSE Security Update : fetchmail (fetchmail-1179) NASL family SuSE Local Security Checks NASL id SUSE9_12468.NASL description This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate last seen 2020-06-01 modified 2020-06-02 plugin id 41318 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41318 title SuSE9 Security Update : fetchmail (YOU Patch Number 12468)
Oval
| accepted | 2013-04-29T04:11:10.925-04:00 | ||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||
| description | socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||||||||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:11059 | ||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
| title | socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||||||||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 35951 CVE(CAN) ID: CVE-2009-2666 Fetchmail是免费的软件包,可以从远程POP2、POP3、IMAP、ETRN或ODMR服务器检索邮件并将其转发给本地SMTP、LMTP服务器或消息传送代理。 一些CA所签名的证书在ITU-T X.509证书的Common Name或subjectAltName字段中包含有嵌入的空字符,Fetchmail在处理这种X.509字符串时会将其处理为终止符,因此只会检查空字符的之前部分。例如,名称为www.good.example\0www.bad.example.com 的证书会被错误的处理为www.good.example 。这就允许攻击者伪造合法域的证书,执行中间人攻击。 Eric Raymond Fetchmail 6.3.x 厂商补丁: Eric Raymond ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://developer.berlios.de/project/showfiles.php?group_id=1824 |
| id | SSV:12016 |
| last seen | 2017-11-19 |
| modified | 2009-08-09 |
| published | 2009-08-09 |
| reporter | Root |
| title | Fetchmail SSL证书空字符验证漏洞 |
References
- http://fetchmail.berlios.de/fetchmail-SA-2009-01.txt
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://marc.info/?l=oss-security&m=124949601207156&w=2
- http://osvdb.org/56855
- http://secunia.com/advisories/36175
- http://secunia.com/advisories/36179
- http://secunia.com/advisories/36236
- http://support.apple.com/kb/HT3937
- http://www.debian.org/security/2009/dsa-1852
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:201
- http://www.securityfocus.com/archive/1/505530/100/0/threaded
- http://www.securityfocus.com/bid/35951
- http://www.securitytracker.com/id?1022679
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.543463
- http://www.vupen.com/english/advisories/2009/2155
- http://www.vupen.com/english/advisories/2009/3184
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11059