ID CVE-2009-2666
Summary socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
Vulnerable Configurations
  • Fetchmail 4.5.1
    cpe:2.3:a:fetchmail:fetchmail:4.5.1
  • Fetchmail 4.5.2
    cpe:2.3:a:fetchmail:fetchmail:4.5.2
  • Fetchmail 4.5.3
    cpe:2.3:a:fetchmail:fetchmail:4.5.3
  • Fetchmail 4.5.4
    cpe:2.3:a:fetchmail:fetchmail:4.5.4
  • Fetchmail 4.5.5
    cpe:2.3:a:fetchmail:fetchmail:4.5.5
  • Fetchmail 4.5.6
    cpe:2.3:a:fetchmail:fetchmail:4.5.6
  • Fetchmail 4.5.7
    cpe:2.3:a:fetchmail:fetchmail:4.5.7
  • Fetchmail 4.5.8
    cpe:2.3:a:fetchmail:fetchmail:4.5.8
  • Fetchmail 4.6.0
    cpe:2.3:a:fetchmail:fetchmail:4.6.0
  • Fetchmail 4.6.1
    cpe:2.3:a:fetchmail:fetchmail:4.6.1
  • Fetchmail 4.6.2
    cpe:2.3:a:fetchmail:fetchmail:4.6.2
  • Fetchmail 4.6.3
    cpe:2.3:a:fetchmail:fetchmail:4.6.3
  • Fetchmail 4.6.4
    cpe:2.3:a:fetchmail:fetchmail:4.6.4
  • Fetchmail 4.6.5
    cpe:2.3:a:fetchmail:fetchmail:4.6.5
  • Fetchmail 4.6.6
    cpe:2.3:a:fetchmail:fetchmail:4.6.6
  • Fetchmail 4.6.7
    cpe:2.3:a:fetchmail:fetchmail:4.6.7
  • Fetchmail 4.6.8
    cpe:2.3:a:fetchmail:fetchmail:4.6.8
  • Fetchmail 4.6.9
    cpe:2.3:a:fetchmail:fetchmail:4.6.9
  • Fetchmail 4.7.0
    cpe:2.3:a:fetchmail:fetchmail:4.7.0
  • Fetchmail 4.7.1
    cpe:2.3:a:fetchmail:fetchmail:4.7.1
  • Fetchmail 4.7.2
    cpe:2.3:a:fetchmail:fetchmail:4.7.2
  • Fetchmail 4.7.3
    cpe:2.3:a:fetchmail:fetchmail:4.7.3
  • Fetchmail 4.7.4
    cpe:2.3:a:fetchmail:fetchmail:4.7.4
  • Fetchmail 4.7.5
    cpe:2.3:a:fetchmail:fetchmail:4.7.5
  • Fetchmail 4.7.6
    cpe:2.3:a:fetchmail:fetchmail:4.7.6
  • Fetchmail 4.7.7
    cpe:2.3:a:fetchmail:fetchmail:4.7.7
  • Fetchmail 5.0.0
    cpe:2.3:a:fetchmail:fetchmail:5.0.0
  • Fetchmail 5.0.1
    cpe:2.3:a:fetchmail:fetchmail:5.0.1
  • Fetchmail 5.0.2
    cpe:2.3:a:fetchmail:fetchmail:5.0.2
  • Fetchmail 5.0.3
    cpe:2.3:a:fetchmail:fetchmail:5.0.3
  • Fetchmail 5.0.4
    cpe:2.3:a:fetchmail:fetchmail:5.0.4
  • Fetchmail 5.0.5
    cpe:2.3:a:fetchmail:fetchmail:5.0.5
  • Fetchmail 5.0.6
    cpe:2.3:a:fetchmail:fetchmail:5.0.6
  • Fetchmail 5.0.7
    cpe:2.3:a:fetchmail:fetchmail:5.0.7
  • Fetchmail 5.0.8
    cpe:2.3:a:fetchmail:fetchmail:5.0.8
  • Fetchmail 5.1.0
    cpe:2.3:a:fetchmail:fetchmail:5.1.0
  • Fetchmail 5.1.4
    cpe:2.3:a:fetchmail:fetchmail:5.1.4
  • Fetchmail 5.2.0
    cpe:2.3:a:fetchmail:fetchmail:5.2.0
  • Fetchmail 5.2.1
    cpe:2.3:a:fetchmail:fetchmail:5.2.1
  • Fetchmail 5.2.3
    cpe:2.3:a:fetchmail:fetchmail:5.2.3
  • Fetchmail 5.2.4
    cpe:2.3:a:fetchmail:fetchmail:5.2.4
  • Fetchmail 5.2.7
    cpe:2.3:a:fetchmail:fetchmail:5.2.7
  • Fetchmail 5.2.8
    cpe:2.3:a:fetchmail:fetchmail:5.2.8
  • Fetchmail 5.3.0
    cpe:2.3:a:fetchmail:fetchmail:5.3.0
  • Fetchmail 5.3.1
    cpe:2.3:a:fetchmail:fetchmail:5.3.1
  • Fetchmail 5.3.3
    cpe:2.3:a:fetchmail:fetchmail:5.3.3
  • Fetchmail 5.3.8
    cpe:2.3:a:fetchmail:fetchmail:5.3.8
  • Fetchmail 5.4.0
    cpe:2.3:a:fetchmail:fetchmail:5.4.0
  • Fetchmail 5.4.3
    cpe:2.3:a:fetchmail:fetchmail:5.4.3
  • Fetchmail 5.4.4
    cpe:2.3:a:fetchmail:fetchmail:5.4.4
  • Fetchmail 5.4.5
    cpe:2.3:a:fetchmail:fetchmail:5.4.5
  • Fetchmail 5.5.0
    cpe:2.3:a:fetchmail:fetchmail:5.5.0
  • Fetchmail 5.5.2
    cpe:2.3:a:fetchmail:fetchmail:5.5.2
  • Fetchmail 5.5.3
    cpe:2.3:a:fetchmail:fetchmail:5.5.3
  • Fetchmail 5.5.5
    cpe:2.3:a:fetchmail:fetchmail:5.5.5
  • Fetchmail 5.5.6
    cpe:2.3:a:fetchmail:fetchmail:5.5.6
  • Fetchmail 5.6.0
    cpe:2.3:a:fetchmail:fetchmail:5.6.0
  • Fetchmail 5.7.0
    cpe:2.3:a:fetchmail:fetchmail:5.7.0
  • Fetchmail 5.7.2
    cpe:2.3:a:fetchmail:fetchmail:5.7.2
  • Fetchmail 5.7.4
    cpe:2.3:a:fetchmail:fetchmail:5.7.4
  • Fetchmail 5.8
    cpe:2.3:a:fetchmail:fetchmail:5.8
  • Fetchmail 5.8.1
    cpe:2.3:a:fetchmail:fetchmail:5.8.1
  • Fetchmail 5.8.2
    cpe:2.3:a:fetchmail:fetchmail:5.8.2
  • Fetchmail 5.8.3
    cpe:2.3:a:fetchmail:fetchmail:5.8.3
  • Fetchmail 5.8.4
    cpe:2.3:a:fetchmail:fetchmail:5.8.4
  • Fetchmail 5.8.5
    cpe:2.3:a:fetchmail:fetchmail:5.8.5
  • Fetchmail 5.8.6
    cpe:2.3:a:fetchmail:fetchmail:5.8.6
  • Fetchmail 5.8.11
    cpe:2.3:a:fetchmail:fetchmail:5.8.11
  • Fetchmail 5.8.13
    cpe:2.3:a:fetchmail:fetchmail:5.8.13
  • Fetchmail 5.8.14
    cpe:2.3:a:fetchmail:fetchmail:5.8.14
  • Fetchmail 5.8.17
    cpe:2.3:a:fetchmail:fetchmail:5.8.17
  • Fetchmail 5.9.0
    cpe:2.3:a:fetchmail:fetchmail:5.9.0
  • Fetchmail 5.9.4
    cpe:2.3:a:fetchmail:fetchmail:5.9.4
  • Fetchmail 5.9.5
    cpe:2.3:a:fetchmail:fetchmail:5.9.5
  • Fetchmail 5.9.8
    cpe:2.3:a:fetchmail:fetchmail:5.9.8
  • Fetchmail 5.9.10
    cpe:2.3:a:fetchmail:fetchmail:5.9.10
  • Fetchmail 5.9.11
    cpe:2.3:a:fetchmail:fetchmail:5.9.11
  • Fetchmail 5.9.13
    cpe:2.3:a:fetchmail:fetchmail:5.9.13
  • Fetchmail 6.0.0
    cpe:2.3:a:fetchmail:fetchmail:6.0.0
  • Fetchmail 6.1.0
    cpe:2.3:a:fetchmail:fetchmail:6.1.0
  • Fetchmail 6.1.3
    cpe:2.3:a:fetchmail:fetchmail:6.1.3
  • Fetchmail 6.2.0
    cpe:2.3:a:fetchmail:fetchmail:6.2.0
  • Fetchmail 6.2.1
    cpe:2.3:a:fetchmail:fetchmail:6.2.1
  • Fetchmail 6.2.2
    cpe:2.3:a:fetchmail:fetchmail:6.2.2
  • Fetchmail 6.2.3
    cpe:2.3:a:fetchmail:fetchmail:6.2.3
  • Fetchmail 6.2.4
    cpe:2.3:a:fetchmail:fetchmail:6.2.4
  • Fetchmail 6.2.5
    cpe:2.3:a:fetchmail:fetchmail:6.2.5
  • Fetchmail 6.2.5.1
    cpe:2.3:a:fetchmail:fetchmail:6.2.5.1
  • Fetchmail 6.2.5.2
    cpe:2.3:a:fetchmail:fetchmail:6.2.5.2
  • Fetchmail 6.2.5.4
    cpe:2.3:a:fetchmail:fetchmail:6.2.5.4
  • Fetchmail 6.2.6 pre4
    cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre4
  • Fetchmail 6.2.6 pre8
    cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre8
  • Fetchmail 6.2.6 pre9
    cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre9
  • Fetchmail 6.2.9 release candidate 10
    cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc10
  • Fetchmail 6.2.9 release candidate 3
    cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc3
  • Fetchmail 6.2.9 release candidate 4
    cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc4
  • Fetchmail 6.2.9 release candidate 5
    cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc5
  • Fetchmail 6.2.9 release candidate 7
    cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc7
  • Fetchmail 6.2.9 release candidate 8
    cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc8
  • Fetchmail 6.2.9 release candidate 9
    cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc9
  • Fetchmail 6.3.0
    cpe:2.3:a:fetchmail:fetchmail:6.3.0
  • Fetchmail 6.3.1
    cpe:2.3:a:fetchmail:fetchmail:6.3.1
  • Fetchmail 6.3.2
    cpe:2.3:a:fetchmail:fetchmail:6.3.2
  • Fetchmail 6.3.3
    cpe:2.3:a:fetchmail:fetchmail:6.3.3
  • Fetchmail 6.3.4
    cpe:2.3:a:fetchmail:fetchmail:6.3.4
  • Fetchmail 6.3.5
    cpe:2.3:a:fetchmail:fetchmail:6.3.5
  • Fetchmail 6.3.6
    cpe:2.3:a:fetchmail:fetchmail:6.3.6
  • Fetchmail 6.3.6 release candidate 1
    cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc1
  • Fetchmail 6.3.6 release candidate 2
    cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc2
  • Fetchmail 6.3.6 release candidate 3
    cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc3
  • Fetchmail 6.3.6 release candidate 4
    cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc4
  • Fetchmail 6.3.6 release candidate 5
    cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc5
  • Fetchmail 6.3.7
    cpe:2.3:a:fetchmail:fetchmail:6.3.7
  • Fetchmail 6.3.8
    cpe:2.3:a:fetchmail:fetchmail:6.3.8
  • Fetchmail 6.3.9
    cpe:2.3:a:fetchmail:fetchmail:6.3.9
  • Fetchmail 6.3.9 release candidate 2
    cpe:2.3:a:fetchmail:fetchmail:6.3.9:rc2
  • Fetchmail 6.3.10
    cpe:2.3:a:fetchmail:fetchmail:6.3.10
CVSS
Base: 6.4 (as of 10-08-2009 - 08:12)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity PARTIAL
Availability NONE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201006-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-201006-12 (Fetchmail: Multiple vulnerabilities) Multiple vulnerabilities have been reported in Fetchmail: The sdump() function might trigger a heap-based buffer overflow during the escaping of non-printable characters with the high bit set from an X.509 certificate (CVE-2010-0562). The vendor reported that Fetchmail does not properly handle Common Name (CN) fields in X.509 certificates that contain an ASCII NUL character. Specifically, the processing of such fields is stopped at the first occurrence of a NUL character. This type of vulnerability was recently discovered by Dan Kaminsky and Moxie Marlinspike (CVE-2009-2666). Impact : A remote attacker could entice a user to connect with Fetchmail to a specially crafted SSL-enabled server in verbose mode, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. NOTE: The issue is only existent on platforms on which char is signed. Furthermore, a remote attacker might employ a specially crafted X.509 certificate, containing a NUL character in the Common Name field to conduct man-in-the-middle attacks on SSL connections made using Fetchmail. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 46779
    published 2010-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46779
    title GLSA-201006-12 : Fetchmail: Multiple vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1427.NASL
    description From Red Hat Security Advisory 2009:1427 : An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse fetchmail into accepting it by mistake. (CVE-2009-2666) A flaw was found in the way fetchmail handles rejections from a remote SMTP server when sending warning mail to the postmaster. If fetchmail sent a warning mail to the postmaster of an SMTP server and that SMTP server rejected it, fetchmail could crash. (CVE-2007-4565) A flaw was found in fetchmail. When fetchmail is run in double verbose mode ('-v -v'), it could crash upon receiving certain, malformed mail messages with long headers. A remote attacker could use this flaw to cause a denial of service if fetchmail was also running in daemon mode ('-d'). (CVE-2008-2711) Note: when using SSL-enabled services, it is recommended that the fetchmail '--sslcertck' option be used to enforce strict SSL certificate checking. All fetchmail users should upgrade to this updated package, which contains backported patches to correct these issues. If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the 'fetchmail --quit' command to stop the fetchmail process).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67920
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67920
    title Oracle Linux 3 / 4 / 5 : fetchmail (ELSA-2009-1427)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_2.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42434
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42434
    title Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-006.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42433
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42433
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-006)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_5179D85C868311DE91B90022157515B2.NASL
    description Matthias Andree reports : Moxie Marlinspike demonstrated in July 2009 that some CAs would sign certificates that contain embedded NUL characters in the Common Name or subjectAltName fields of ITU-T X.509 certificates. Applications that would treat such X.509 strings as NUL-terminated C strings (rather than strings that contain an explicit length field) would only check the part up to and excluding the NUL character, so that certificate names such as www.good.example\0www.bad.example.com would be mistaken as a certificate name for www.good.example. fetchmail also had this design and implementation flaw.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 40571
    published 2009-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40571
    title FreeBSD : fetchmail -- improper SSL certificate subject verification (5179d85c-8683-11de-91b9-0022157515b2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8780.NASL
    description If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the 'fetchmail --quit' command to stop the fetchmail process). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 40864
    published 2009-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40864
    title Fedora 11 : fetchmail-6.3.9-5.fc11 (2009-8780)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FETCHMAIL-6409.NASL
    description This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate's subject name. (CVE-2009-2666)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 41509
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41509
    title SuSE 10 Security Update : fetchmail (ZYPP Patch Number 6409)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-816-1.NASL
    description Matthias Andree discovered that fetchmail did not properly handle certificates with NULL characters in the certificate name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40590
    published 2009-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40590
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : fetchmail vulnerability (USN-816-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090908_FETCHMAIL_ON_SL3_X.NASL
    description CVE-2007-4565 Fetchmail NULL pointer dereference CVE-2008-2711 fetchmail: Crash in large log messages in verbose mode CVE-2009-2666 fetchmail: SSL null terminator bypass It was discovered that fetchmail is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse fetchmail into accepting it by mistake. (CVE-2009-2666) A flaw was found in the way fetchmail handles rejections from a remote SMTP server when sending warning mail to the postmaster. If fetchmail sent a warning mail to the postmaster of an SMTP server and that SMTP server rejected it, fetchmail could crash. (CVE-2007-4565) A flaw was found in fetchmail. When fetchmail is run in double verbose mode ('-v -v'), it could crash upon receiving certain, malformed mail messages with long headers. A remote attacker could use this flaw to cause a denial of service if fetchmail was also running in daemon mode ('-d'). (CVE-2008-2711) If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the 'fetchmail --quit' command to stop the fetchmail process).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60662
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60662
    title Scientific Linux Security Update : fetchmail on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1427.NASL
    description An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse fetchmail into accepting it by mistake. (CVE-2009-2666) A flaw was found in the way fetchmail handles rejections from a remote SMTP server when sending warning mail to the postmaster. If fetchmail sent a warning mail to the postmaster of an SMTP server and that SMTP server rejected it, fetchmail could crash. (CVE-2007-4565) A flaw was found in fetchmail. When fetchmail is run in double verbose mode ('-v -v'), it could crash upon receiving certain, malformed mail messages with long headers. A remote attacker could use this flaw to cause a denial of service if fetchmail was also running in daemon mode ('-d'). (CVE-2008-2711) Note: when using SSL-enabled services, it is recommended that the fetchmail '--sslcertck' option be used to enforce strict SSL certificate checking. All fetchmail users should upgrade to this updated package, which contains backported patches to correct these issues. If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the 'fetchmail --quit' command to stop the fetchmail process).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 40901
    published 2009-09-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40901
    title RHEL 3 / 4 / 5 : fetchmail (RHSA-2009:1427)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1427.NASL
    description An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse fetchmail into accepting it by mistake. (CVE-2009-2666) A flaw was found in the way fetchmail handles rejections from a remote SMTP server when sending warning mail to the postmaster. If fetchmail sent a warning mail to the postmaster of an SMTP server and that SMTP server rejected it, fetchmail could crash. (CVE-2007-4565) A flaw was found in fetchmail. When fetchmail is run in double verbose mode ('-v -v'), it could crash upon receiving certain, malformed mail messages with long headers. A remote attacker could use this flaw to cause a denial of service if fetchmail was also running in daemon mode ('-d'). (CVE-2008-2711) Note: when using SSL-enabled services, it is recommended that the fetchmail '--sslcertck' option be used to enforce strict SSL certificate checking. All fetchmail users should upgrade to this updated package, which contains backported patches to correct these issues. If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the 'fetchmail --quit' command to stop the fetchmail process).
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40893
    published 2009-09-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40893
    title CentOS 3 / 4 / 5 : fetchmail (CESA-2009:1427)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-201.NASL
    description A vulnerability has been found and corrected in fetchmail : socket.c in fetchmail before 6.3.11 does not properly handle a '\0' (NUL) character in a domain name in the subject's Common Name (CN) and subjectAlt(ernative)Name fields of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2666). This update provides a solution to this vulnerability. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 40585
    published 2009-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40585
    title Mandriva Linux Security Advisory : fetchmail (MDVSA-2009:201-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1852.NASL
    description It was discovered that fetchmail, a full-featured remote mail retrieval and forwarding utility, is vulnerable to the 'Null Prefix Attacks Against SSL/TLS Certificates' recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the subjectAltName or Common Name fields. Note, as a fetchmail user you should always use strict certificate validation through either of these option combinations: sslcertck ssl sslproto ssl3 (for service on SSL-wrapped ports) or sslcertck sslproto tls1 (for STARTTLS-based services)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44717
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44717
    title Debian DSA-1852-1 : fetchmail - insufficient input validation
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_FETCHMAIL-090807.NASL
    description This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate's subject name. (CVE-2009-2666)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40572
    published 2009-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40572
    title openSUSE Security Update : fetchmail (fetchmail-1179)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FETCHMAIL-090807.NASL
    description This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate's subject name. (CVE-2009-2666)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 41387
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41387
    title SuSE 11 Security Update : fetchmail (SAT Patch Number 1171)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FETCHMAIL-6410.NASL
    description This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate's subject name. (CVE-2009-2666)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 41998
    published 2009-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41998
    title openSUSE 10 Security Update : fetchmail (fetchmail-6410)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2009-218-01.NASL
    description New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 40503
    published 2009-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40503
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : fetchmail (SSA:2009-218-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12468.NASL
    description This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate's subject name. (CVE-2009-2666)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41318
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41318
    title SuSE9 Security Update : fetchmail (YOU Patch Number 12468)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8770.NASL
    description If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the 'fetchmail --quit' command to stop the fetchmail process). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 40863
    published 2009-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40863
    title Fedora 10 : fetchmail-6.3.8-9.fc10 (2009-8770)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_FETCHMAIL-090807.NASL
    description This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate's subject name. (CVE-2009-2666)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40574
    published 2009-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40574
    title openSUSE Security Update : fetchmail (fetchmail-1179)
oval via4
accepted 2013-04-29T04:11:10.925-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
family unix
id oval:org.mitre.oval:def:11059
status accepted
submitted 2010-07-09T03:56:16-04:00
title socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
version 24
redhat via4
advisories
bugzilla
id 515804
title CVE-2009-2666 fetchmail: SSL null terminator bypass
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • comment fetchmail is earlier than 0:6.2.0-3.el3.5
      oval oval:com.redhat.rhsa:tst:20091427002
    • comment fetchmail is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070018003
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • comment fetchmail is earlier than 0:6.2.5-6.0.1.el4_8.1
      oval oval:com.redhat.rhsa:tst:20091427005
    • comment fetchmail is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070018003
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment fetchmail is earlier than 0:6.3.6-1.1.el5_3.1
      oval oval:com.redhat.rhsa:tst:20091427007
    • comment fetchmail is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070385008
rhsa
id RHSA-2009:1427
released 2009-09-08
severity Moderate
title RHSA-2009:1427: fetchmail security update (Moderate)
rpms
  • fetchmail-0:6.2.0-3.el3.5
  • fetchmail-0:6.2.5-6.0.1.el4_8.1
  • fetchmail-0:6.3.6-1.1.el5_3.1
refmap via4
apple APPLE-SA-2009-11-09-1
bid 35951
bugtraq 20090806 fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666)
confirm
debian DSA-1852
mandriva MDVSA-2009:201
mlist [oss-security] 20090805 Re: CVE request: fetchmail <= 6.3.10 SSL certificate
osvdb 56855
sectrack 1022679
secunia
  • 36175
  • 36179
  • 36236
slackware SSA:2009-218-01
vupen
  • ADV-2009-2155
  • ADV-2009-3184
Last major update 15-02-2011 - 00:00
Published 07-08-2009 - 15:00
Last modified 10-10-2018 - 15:41