Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.4
CVE Id: CVE-2009-2666
Last Modified: 15 Feb 2011 12:00:00
Published: 07 Aug 2009 03:00:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-2666

Summary

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Vulnerable Systems

Application

  • Fetchmail 4.5.1

  • Fetchmail 4.5.2

  • Fetchmail 4.5.3

  • Fetchmail 4.5.4

  • Fetchmail 4.5.5

  • Fetchmail 4.5.6

  • Fetchmail 4.5.7

  • Fetchmail 4.5.8

  • Fetchmail 4.6.0

  • Fetchmail 4.6.1

  • Fetchmail 4.6.2

  • Fetchmail 4.6.3

  • Fetchmail 4.6.4

  • Fetchmail 4.6.5

  • Fetchmail 4.6.6

  • Fetchmail 4.6.7

  • Fetchmail 4.6.8

  • Fetchmail 4.6.9

  • Fetchmail 4.7.0

  • Fetchmail 4.7.1

  • Fetchmail 4.7.2

  • Fetchmail 4.7.3

  • Fetchmail 4.7.4

  • Fetchmail 4.7.5

  • Fetchmail 4.7.6

  • Fetchmail 4.7.7

  • Fetchmail 5.0.0

  • Fetchmail 5.0.1

  • Fetchmail 5.0.2

  • Fetchmail 5.0.3

  • Fetchmail 5.0.4

  • Fetchmail 5.0.5

  • Fetchmail 5.0.6

  • Fetchmail 5.0.7

  • Fetchmail 5.0.8

  • Fetchmail 5.1.0

  • Fetchmail 5.1.4

  • Fetchmail 5.2.0

  • Fetchmail 5.2.1

  • Fetchmail 5.2.3

  • Fetchmail 5.2.4

  • Fetchmail 5.2.7

  • Fetchmail 5.2.8

  • Fetchmail 5.3.0

  • Fetchmail 5.3.1

  • Fetchmail 5.3.3

  • Fetchmail 5.3.8

  • Fetchmail 5.4.0

  • Fetchmail 5.4.3

  • Fetchmail 5.4.4

  • Fetchmail 5.4.5

  • Fetchmail 5.5.0

  • Fetchmail 5.5.2

  • Fetchmail 5.5.3

  • Fetchmail 5.5.5

  • Fetchmail 5.5.6

  • Fetchmail 5.6.0

  • Fetchmail 5.7.0

  • Fetchmail 5.7.2

  • Fetchmail 5.7.4

  • Fetchmail 5.8

  • Fetchmail 5.8.1

  • Fetchmail 5.8.11

  • Fetchmail 5.8.13

  • Fetchmail 5.8.14

  • Fetchmail 5.8.17

  • Fetchmail 5.8.2

  • Fetchmail 5.8.3

  • Fetchmail 5.8.4

  • Fetchmail 5.8.5

  • Fetchmail 5.8.6

  • Fetchmail 5.9.0

  • Fetchmail 5.9.10

  • Fetchmail 5.9.11

  • Fetchmail 5.9.13

  • Fetchmail 5.9.4

  • Fetchmail 5.9.5

  • Fetchmail 5.9.8

  • Fetchmail 6.0.0

  • Fetchmail 6.1.0

  • Fetchmail 6.1.3

  • Fetchmail 6.2.0

  • Fetchmail 6.2.1

  • Fetchmail 6.2.2

  • Fetchmail 6.2.3

  • Fetchmail 6.2.4

  • Fetchmail 6.2.5

  • Fetchmail 6.2.5.1

  • Fetchmail 6.2.5.2

  • Fetchmail 6.2.5.4

  • Fetchmail 6.2.6

  • Fetchmail 6.2.9

  • Fetchmail 6.3.0

  • Fetchmail 6.3.1

  • Fetchmail 6.3.10

  • Fetchmail 6.3.2

  • Fetchmail 6.3.3

  • Fetchmail 6.3.4

  • Fetchmail 6.3.5

  • Fetchmail 6.3.6

  • Fetchmail 6.3.7

  • Fetchmail 6.3.8

  • Fetchmail 6.3.9


References

VUPEN - ADV-2009-3184

VUPEN - ADV-2009-2155

SLACKWARE - SSA:2009-218-01

SECTRACK - 1022679

BID - 35951

BUGTRAQ - 20090806 fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666)

MANDRIVA - MDVSA-2009:201

DEBIAN - DSA-1852

CONFIRM - http://support.apple.com/kb/HT3937

SECUNIA - 36236

SECUNIA - 36179

SECUNIA - 36175

OSVDB - 56855

MLIST - [oss-security] 20090805 Re: CVE request: fetchmail <= 6.3.10 SSL certificate

APPLE - APPLE-SA-2009-11-09-1

CONFIRM - http://fetchmail.berlios.de/fetchmail-SA-2009-01.txt

Related Patches

Apple 2009-11-09 Mac OS X v10.6.2 Update

Red Hat 2009:1427-01 RHSA Moderate: fetchmail security update for RHEL 5 x86

Novell SUSE 2009:6409 fetchmail security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:50:59