6.4

CVE-2009-2666

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FetchmailFetchmail Version <= 6.3.10
FetchmailFetchmail Version4.5.1
FetchmailFetchmail Version4.5.2
FetchmailFetchmail Version4.5.3
FetchmailFetchmail Version4.5.4
FetchmailFetchmail Version4.5.5
FetchmailFetchmail Version4.5.6
FetchmailFetchmail Version4.5.7
FetchmailFetchmail Version4.5.8
FetchmailFetchmail Version4.6.0
FetchmailFetchmail Version4.6.1
FetchmailFetchmail Version4.6.2
FetchmailFetchmail Version4.6.3
FetchmailFetchmail Version4.6.4
FetchmailFetchmail Version4.6.5
FetchmailFetchmail Version4.6.6
FetchmailFetchmail Version4.6.7
FetchmailFetchmail Version4.6.8
FetchmailFetchmail Version4.6.9
FetchmailFetchmail Version4.7.0
FetchmailFetchmail Version4.7.1
FetchmailFetchmail Version4.7.2
FetchmailFetchmail Version4.7.3
FetchmailFetchmail Version4.7.4
FetchmailFetchmail Version4.7.5
FetchmailFetchmail Version4.7.6
FetchmailFetchmail Version4.7.7
FetchmailFetchmail Version5.0.0
FetchmailFetchmail Version5.0.1
FetchmailFetchmail Version5.0.2
FetchmailFetchmail Version5.0.3
FetchmailFetchmail Version5.0.4
FetchmailFetchmail Version5.0.5
FetchmailFetchmail Version5.0.6
FetchmailFetchmail Version5.0.7
FetchmailFetchmail Version5.0.8
FetchmailFetchmail Version5.1.0
FetchmailFetchmail Version5.1.4
FetchmailFetchmail Version5.2.0
FetchmailFetchmail Version5.2.1
FetchmailFetchmail Version5.2.3
FetchmailFetchmail Version5.2.4
FetchmailFetchmail Version5.2.7
FetchmailFetchmail Version5.2.8
FetchmailFetchmail Version5.3.0
FetchmailFetchmail Version5.3.1
FetchmailFetchmail Version5.3.3
FetchmailFetchmail Version5.3.8
FetchmailFetchmail Version5.4.0
FetchmailFetchmail Version5.4.3
FetchmailFetchmail Version5.4.4
FetchmailFetchmail Version5.4.5
FetchmailFetchmail Version5.5.0
FetchmailFetchmail Version5.5.2
FetchmailFetchmail Version5.5.3
FetchmailFetchmail Version5.5.5
FetchmailFetchmail Version5.5.6
FetchmailFetchmail Version5.6.0
FetchmailFetchmail Version5.7.0
FetchmailFetchmail Version5.7.2
FetchmailFetchmail Version5.7.4
FetchmailFetchmail Version5.8
FetchmailFetchmail Version5.8.1
FetchmailFetchmail Version5.8.2
FetchmailFetchmail Version5.8.3
FetchmailFetchmail Version5.8.4
FetchmailFetchmail Version5.8.5
FetchmailFetchmail Version5.8.6
FetchmailFetchmail Version5.8.11
FetchmailFetchmail Version5.8.13
FetchmailFetchmail Version5.8.14
FetchmailFetchmail Version5.8.17
FetchmailFetchmail Version5.9.0
FetchmailFetchmail Version5.9.4
FetchmailFetchmail Version5.9.5
FetchmailFetchmail Version5.9.8
FetchmailFetchmail Version5.9.10
FetchmailFetchmail Version5.9.11
FetchmailFetchmail Version5.9.13
FetchmailFetchmail Version6.0.0
FetchmailFetchmail Version6.1.0
FetchmailFetchmail Version6.1.3
FetchmailFetchmail Version6.2.0
FetchmailFetchmail Version6.2.1
FetchmailFetchmail Version6.2.2
FetchmailFetchmail Version6.2.3
FetchmailFetchmail Version6.2.4
FetchmailFetchmail Version6.2.5
FetchmailFetchmail Version6.2.5.1
FetchmailFetchmail Version6.2.5.2
FetchmailFetchmail Version6.2.5.4
FetchmailFetchmail Version6.2.6 Updatepre4
FetchmailFetchmail Version6.2.6 Updatepre8
FetchmailFetchmail Version6.2.6 Updatepre9
FetchmailFetchmail Version6.2.9 Updaterc10
FetchmailFetchmail Version6.2.9 Updaterc3
FetchmailFetchmail Version6.2.9 Updaterc4
FetchmailFetchmail Version6.2.9 Updaterc5
FetchmailFetchmail Version6.2.9 Updaterc7
FetchmailFetchmail Version6.2.9 Updaterc8
FetchmailFetchmail Version6.2.9 Updaterc9
FetchmailFetchmail Version6.3.0
FetchmailFetchmail Version6.3.1
FetchmailFetchmail Version6.3.2
FetchmailFetchmail Version6.3.3
FetchmailFetchmail Version6.3.4
FetchmailFetchmail Version6.3.5
FetchmailFetchmail Version6.3.6
FetchmailFetchmail Version6.3.6 Updaterc1
FetchmailFetchmail Version6.3.6 Updaterc2
FetchmailFetchmail Version6.3.6 Updaterc3
FetchmailFetchmail Version6.3.6 Updaterc4
FetchmailFetchmail Version6.3.6 Updaterc5
FetchmailFetchmail Version6.3.7
FetchmailFetchmail Version6.3.8
FetchmailFetchmail Version6.3.9
FetchmailFetchmail Version6.3.9 Updaterc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.5% 0.71
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://support.apple.com/kb/HT3937
http://www.vupen.com/english/advisories/2009/3184
Vendor Advisory
http://fetchmail.berlios.de/fetchmail-SA-2009-01.txt
http://marc.info/?l=oss-security&m=124949601207156&w=2
http://osvdb.org/56855
http://secunia.com/advisories/36175
Vendor Advisory
http://secunia.com/advisories/36179
Vendor Advisory
http://secunia.com/advisories/36236
Vendor Advisory
http://www.debian.org/security/2009/dsa-1852
http://www.mandriva.com/security/advisories?name=MDVSA-2009:201
http://www.securityfocus.com/archive/1/505530/100/0/threaded
http://www.securityfocus.com/bid/35951
http://www.securitytracker.com/id?1022679
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.543463
http://www.vupen.com/english/advisories/2009/2155
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11059