CVE-2009-3942
Published Nov 16, 2009
Last updated 15 years ago
Overview
- Description
- Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D01B530-981C-4EF5-89E6-538ADA25D2F9",
"versionEndIncluding": "1.4.18"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99E4CB87-6453-43EA-B969-1D26F047B868"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C28522F5-40C1-4CB2-8A21-FFF9C75B6C9B"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D297F70-E8FF-45BA-A299-1B24D0616855"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABEE80E9-C4FF-4AB3-8DFA-2468B01861E3"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1AAB4EC4-2035-4421-90ED-772E01BC6725"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "448B136B-7FCB-444F-A8AE-89DBA1308EDA"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3F98F29-131F-49E6-A819-89AB1CDFB8F2"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0A9C11A-A8FC-4132-BE35-1A55A869D962"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6304EC0-8977-4164-9355-E419B2BDFE12"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3D69119-DB27-4439-A4A1-20B22226D3E9"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86A0B3AA-EDED-4BC9-9516-23A1870C68FF"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD544309-CACE-4D0E-8921-B972988939DD"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EDDDAAA-FE6D-4E3D-B4BA-2FDEADAE8CD8"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A71A198-495A-4BA1-A66F-734E49126710"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6806D84A-C775-46CC-BD67-1FB70ACD7B60"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9267E3FC-3B89-4E9D-924E-401FA7B1872C"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F49177D-4F29-40DA-AAB4-39B71BDA8210"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C241047D-1A6C-4E49-968D-AF08881B57D9"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71F0F562-4906-415B-87CE-FA17126AC186"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "030746E6-A9E2-4A3C-B51F-6920B558A123"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D4E425C-24CC-4D64-9500-AA37120BDB20"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81797111-EE62-49EB-8804-BE493A5CCB2B"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.0:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E3EA2E59-C745-4926-B6A4-FA7512EE9B60"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB35C639-4D53-4A36-A567-F0742DE8F6BB"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C269D45F-7E20-4E85-8EC2-D05155750CE8"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "48125BDD-B875-4650-8B1D-D28C5F04208F"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C2AAA19-7026-4EF1-85A4-87D9B08D708B"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4A3BE86-51CA-4DFC-809B-D38075DC052E"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "390C2B54-479E-4DE3-9816-E60251455E18"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77FB50D8-DBE6-4547-A643-3F3749F98716"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96C296F7-053B-4C68-AD20-9F2A716F9E81"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B674C7D5-9F59-4604-8469-FAA003AE7F1B"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "91F59DE1-329E-42E1-84CC-8CE5B032781D"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42FEED21-B6B0-4CE5-BE04-B284DEED46D1"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2ABFEA78-CE3C-4795-93C8-87F1EDECED1B"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BAA30198-E58E-408B-96CB-52417FC51CE1"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9C27411-6B62-4B1B-8E87-2653F5712E6D"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "237AF741-3C2A-4F55-9286-CF6FF4977557"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.11:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D92E239B-8BD7-4DA7-BC86-4F64638C5203"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2AF8F0CF-A59D-4D0C-9414-BEE4B9714EE9"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11215AD3-0AB1-47B1-B55F-DC6F40DB4F5C"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5B2D527-F99B-45A6-BF7B-D04CC28672BA"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3580054B-7A34-4CE3-8B43-D398858E83D0"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1EF98D9C-A072-453D-B0C6-600DF595E3E3"
},
{
"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21BAABE8-97D9-49AE-A9F6-A1F49E8928BB"
}
],
"operator": "OR"
}
]
}
]