SSL Spoofing Vulnerability in Fetchmail by Mandriva and Others
CVE-2009-2666

Currently unrated

Key Information:

Vendor

Fetchmail

Status
Fetchmail
Vendor
CVE Published:
7 August 2009

What is CVE-2009-2666?

A vulnerability in Fetchmail prior to version 6.3.11 stems from improper handling of the null ('\0') character in the Common Name (CN) field of X.509 certificates. This flaw exposes users to man-in-the-middle attacks, wherein attackers could exploit this vulnerability to spoof SSL servers by using a specially crafted certificate from a legitimate Certification Authority. This risk impacts the confidentiality and integrity of user data, necessitating immediate updates to the affected versions to mitigate potential security breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
http://secunia.com/advisories/36175
third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/36236
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.