FreeBSD Local Security Checks : FreeBSD Ports: fetchmail

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64657

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: fetchmail

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to the system
as announced in the referenced advisory.

The following package is affected: fetchmail

CVE-2009-2666
socket.c in fetchmail before 6.3.11 does not properly handle a '\0'
character in a domain name in the subject's Common Name (CN) field of
an X.509 certificate, which allows man-in-the-middle attackers to
spoof arbitrary SSL servers via a crafted certificate issued by a
legitimate Certification Authority, a related issue to CVE-2009-2408.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://fetchmail.berlios.de/fetchmail-SA-2009-01.txt
http://www.vuxml.org/freebsd/5179d85c-8683-11de-91b9-0022157515b2.html

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2666
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
BugTraq ID: 35951
http://www.securityfocus.com/bid/35951
Bugtraq: 20090806 fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666) (Google Search)
http://www.securityfocus.com/archive/1/505530/100/0/threaded
Debian Security Information: DSA-1852 (Google Search)
http://www.debian.org/security/2009/dsa-1852
http://www.mandriva.com/security/advisories?name=MDVSA-2009:201
http://marc.info/?l=oss-security&m=124949601207156&w=2
http://osvdb.org/56855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11059
http://www.securitytracker.com/id?1022679
http://secunia.com/advisories/36175
http://secunia.com/advisories/36179
http://secunia.com/advisories/36236
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.543463
http://www.vupen.com/english/advisories/2009/2155
http://www.vupen.com/english/advisories/2009/3184

Copyright Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64657
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: fetchmail
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: fetchmail CVE-2009-2666 socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Solution: Update your system with the appropriate patches or software upgrades. http://fetchmail.berlios.de/fetchmail-SA-2009-01.txt http://www.vuxml.org/freebsd/5179d85c-8683-11de-91b9-0022157515b2.html CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2666 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html BugTraq ID: 35951 http://www.securityfocus.com/bid/35951 Bugtraq: 20090806 fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666) (Google Search) http://www.securityfocus.com/archive/1/505530/100/0/threaded Debian Security Information: DSA-1852 (Google Search) http://www.debian.org/security/2009/dsa-1852 http://www.mandriva.com/security/advisories?name=MDVSA-2009:201 http://marc.info/?l=oss-security&m=124949601207156&w=2 http://osvdb.org/56855 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11059 http://www.securitytracker.com/id?1022679 http://secunia.com/advisories/36175 http://secunia.com/advisories/36179 http://secunia.com/advisories/36236 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.543463 http://www.vupen.com/english/advisories/2009/2155 http://www.vupen.com/english/advisories/2009/3184
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com