CVE-2009-3942

{"id": "CVE-2009-3942", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-11-16T19:30:01.077", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html", "source": "cve@mitre.org"}, {"url": "http://msmtp.sourceforge.net/news.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/37321", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/3224", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."}, {"lang": "es", "value": "Martin Lambers msmtp versiones anteriores a v1.4.19, cuando usa OpenSSL, no maneja adecuadamente un car\u00e1cter '\\0' en un nombre de dominio (1) en el campo nombre com\u00fan del sujeto o (2) en el campo nombre alternativo del sujeto de un certificado X.509, permitiendo que atacantes de hombre en medio (man-in-the-middle) suplantar a servidores SSL de su elecci\u00f3n mediante un certificado modificado emitido por una Autoridad de Certificaci\u00f3n leg\u00edtima, estando relacionado con el CVE-2009-2408."}], "lastModified": "2010-01-28T07:00:06.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:martin_lambers:msmtp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D01B530-981C-4EF5-89E6-538ADA25D2F9", "versionEndIncluding": "1.4.18"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99E4CB87-6453-43EA-B969-1D26F047B868"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C28522F5-40C1-4CB2-8A21-FFF9C75B6C9B"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D297F70-E8FF-45BA-A299-1B24D0616855"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABEE80E9-C4FF-4AB3-8DFA-2468B01861E3"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AAB4EC4-2035-4421-90ED-772E01BC6725"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "448B136B-7FCB-444F-A8AE-89DBA1308EDA"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3F98F29-131F-49E6-A819-89AB1CDFB8F2"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0A9C11A-A8FC-4132-BE35-1A55A869D962"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6304EC0-8977-4164-9355-E419B2BDFE12"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3D69119-DB27-4439-A4A1-20B22226D3E9"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86A0B3AA-EDED-4BC9-9516-23A1870C68FF"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD544309-CACE-4D0E-8921-B972988939DD"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EDDDAAA-FE6D-4E3D-B4BA-2FDEADAE8CD8"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A71A198-495A-4BA1-A66F-734E49126710"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6806D84A-C775-46CC-BD67-1FB70ACD7B60"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9267E3FC-3B89-4E9D-924E-401FA7B1872C"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F49177D-4F29-40DA-AAB4-39B71BDA8210"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C241047D-1A6C-4E49-968D-AF08881B57D9"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71F0F562-4906-415B-87CE-FA17126AC186"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "030746E6-A9E2-4A3C-B51F-6920B558A123"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D4E425C-24CC-4D64-9500-AA37120BDB20"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81797111-EE62-49EB-8804-BE493A5CCB2B"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E3EA2E59-C745-4926-B6A4-FA7512EE9B60"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB35C639-4D53-4A36-A567-F0742DE8F6BB"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C269D45F-7E20-4E85-8EC2-D05155750CE8"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48125BDD-B875-4650-8B1D-D28C5F04208F"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C2AAA19-7026-4EF1-85A4-87D9B08D708B"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4A3BE86-51CA-4DFC-809B-D38075DC052E"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "390C2B54-479E-4DE3-9816-E60251455E18"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77FB50D8-DBE6-4547-A643-3F3749F98716"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96C296F7-053B-4C68-AD20-9F2A716F9E81"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B674C7D5-9F59-4604-8469-FAA003AE7F1B"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91F59DE1-329E-42E1-84CC-8CE5B032781D"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42FEED21-B6B0-4CE5-BE04-B284DEED46D1"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ABFEA78-CE3C-4795-93C8-87F1EDECED1B"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAA30198-E58E-408B-96CB-52417FC51CE1"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9C27411-6B62-4B1B-8E87-2653F5712E6D"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "237AF741-3C2A-4F55-9286-CF6FF4977557"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.11:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D92E239B-8BD7-4DA7-BC86-4F64638C5203"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AF8F0CF-A59D-4D0C-9414-BEE4B9714EE9"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11215AD3-0AB1-47B1-B55F-DC6F40DB4F5C"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5B2D527-F99B-45A6-BF7B-D04CC28672BA"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3580054B-7A34-4CE3-8B43-D398858E83D0"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EF98D9C-A072-453D-B0C6-600DF595E3E3"}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21BAABE8-97D9-49AE-A9F6-A1F49E8928BB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}