Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.4
CVE Id CVE-2009-2973
Last Modified 04 Sep 2009 01:28:51
Published 27 Aug 2009 01:30:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2973

Summary

Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409.

Vulnerable Systems

Application

  • Google Chrome 0.2.149.27

  • Google Chrome 0.2.149.29

  • Google Chrome 0.2.149.30

  • Google Chrome 0.2.152.1

  • Google Chrome 0.2.153.1

  • Google Chrome 0.3.154.0

  • Google Chrome 0.3.154.3

  • Google Chrome 0.4.154.18

  • Google Chrome 0.4.154.22

  • Google Chrome 0.4.154.31

  • Google Chrome 0.4.154.33

  • Google Chrome 1.0.154.36

  • Google Chrome 1.0.154.39

  • Google Chrome 1.0.154.42

  • Google Chrome 1.0.154.43

  • Google Chrome 1.0.154.46

  • Google Chrome 1.0.154.48

  • Google Chrome 1.0.154.52

  • Google Chrome 1.0.154.53

  • Google Chrome 1.0.154.59

  • Google Chrome 2.0.156.1

  • Google Chrome 2.0.157.0

  • Google Chrome 2.0.157.2

  • Google Chrome 2.0.158.0

  • Google Chrome 2.0.159.0

  • Google Chrome 2.0.172

  • Google Chrome 2.0.172.30

  • Google Chrome 2.0.172.31

  • Google Chrome 2.0.172.33

  • Google Chrome 2.0.172.37


References

XF - google-chrome-algorithm-spoofing(52903)

VUPEN - ADV-2009-2420

SECUNIA - 36417

CONFIRM - http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html

CONFIRM - http://code.google.com/p/chromium/issues/detail?id=18725


Last Updated: 27 May 2016 10:51:04