{ "id": "CVE-2009-3942", "sourceIdentifier": "cve@mitre.org", "published": "2009-11-16T19:30:01.077", "lastModified": "2010-01-28T07:00:06.127", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." }, { "lang": "es", "value": "Martin Lambers msmtp versiones anteriores a v1.4.19, cuando usa OpenSSL, no maneja adecuadamente un car\u00e1cter '\\0' en un nombre de dominio (1) en el campo nombre com\u00fan del sujeto o (2) en el campo nombre alternativo del sujeto de un certificado X.509, permitiendo que atacantes de hombre en medio (man-in-the-middle) suplanten a servidores SSL de su elecci\u00f3n mediante un certificado modificado emitido por una Autoridad de Certificaci\u00f3n leg\u00edtima, estando relacionado con el CVE-2009-2408." 
} ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.4 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-310" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.4.18", "matchCriteriaId": "5D01B530-981C-4EF5-89E6-538ADA25D2F9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99E4CB87-6453-43EA-B969-1D26F047B868" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "C28522F5-40C1-4CB2-8A21-FFF9C75B6C9B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D297F70-E8FF-45BA-A299-1B24D0616855" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "ABEE80E9-C4FF-4AB3-8DFA-2468B01861E3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AAB4EC4-2035-4421-90ED-772E01BC6725" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "448B136B-7FCB-444F-A8AE-89DBA1308EDA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"E3F98F29-131F-49E6-A819-89AB1CDFB8F2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0A9C11A-A8FC-4132-BE35-1A55A869D962" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6304EC0-8977-4164-9355-E419B2BDFE12" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F3D69119-DB27-4439-A4A1-20B22226D3E9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "86A0B3AA-EDED-4BC9-9516-23A1870C68FF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD544309-CACE-4D0E-8921-B972988939DD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EDDDAAA-FE6D-4E3D-B4BA-2FDEADAE8CD8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A71A198-495A-4BA1-A66F-734E49126710" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6806D84A-C775-46CC-BD67-1FB70ACD7B60" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "9267E3FC-3B89-4E9D-924E-401FA7B1872C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7F49177D-4F29-40DA-AAB4-39B71BDA8210" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "C241047D-1A6C-4E49-968D-AF08881B57D9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "71F0F562-4906-415B-87CE-FA17126AC186" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "030746E6-A9E2-4A3C-B51F-6920B558A123" }, { "vulnerable": 
true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D4E425C-24CC-4D64-9500-AA37120BDB20" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "81797111-EE62-49EB-8804-BE493A5CCB2B" }, { "vulnerable": false, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3EA2E59-C745-4926-B6A4-FA7512EE9B60" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB35C639-4D53-4A36-A567-F0742DE8F6BB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C269D45F-7E20-4E85-8EC2-D05155750CE8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "48125BDD-B875-4650-8B1D-D28C5F04208F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C2AAA19-7026-4EF1-85A4-87D9B08D708B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4A3BE86-51CA-4DFC-809B-D38075DC052E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "390C2B54-479E-4DE3-9816-E60251455E18" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "77FB50D8-DBE6-4547-A643-3F3749F98716" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "96C296F7-053B-4C68-AD20-9F2A716F9E81" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B674C7D5-9F59-4604-8469-FAA003AE7F1B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "91F59DE1-329E-42E1-84CC-8CE5B032781D" }, { "vulnerable": true, "criteria": 
"cpe:2.3:a:martin_lambers:msmtp:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "42FEED21-B6B0-4CE5-BE04-B284DEED46D1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "2ABFEA78-CE3C-4795-93C8-87F1EDECED1B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "BAA30198-E58E-408B-96CB-52417FC51CE1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "E9C27411-6B62-4B1B-8E87-2653F5712E6D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "237AF741-3C2A-4F55-9286-CF6FF4977557" }, { "vulnerable": false, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "D92E239B-8BD7-4DA7-BC86-4F64638C5203" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "2AF8F0CF-A59D-4D0C-9414-BEE4B9714EE9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "11215AD3-0AB1-47B1-B55F-DC6F40DB4F5C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "B5B2D527-F99B-45A6-BF7B-D04CC28672BA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "3580054B-7A34-4CE3-8B43-D398858E83D0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "1EF98D9C-A072-453D-B0C6-600DF595E3E3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "21BAABE8-97D9-49AE-A9F6-A1F49E8928BB" } ] } ] } ], "references": [ { "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html", "source": "cve@mitre.org" }, { "url": "http://msmtp.sourceforge.net/news.html", "source": "cve@mitre.org" }, { "url": 
"http://www.vupen.com/english/advisories/2009/3224", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] } ] }