ID CVE-2009-2825
Summary Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
Vulnerable Configurations
  • Apple Mac OS X 10.5.8
    cpe:2.3:o:apple:mac_os_x:10.5.8
  • Apple Mac OS X 10.5.7
    cpe:2.3:o:apple:mac_os_x:10.5.7
  • Apple Mac OS X 10.5.6
    cpe:2.3:o:apple:mac_os_x:10.5.6
  • Apple Mac OS X 10.5.5
    cpe:2.3:o:apple:mac_os_x:10.5.5
  • Apple Mac OS X 10.5.4
    cpe:2.3:o:apple:mac_os_x:10.5.4
  • Apple Mac OS X 10.5.3
    cpe:2.3:o:apple:mac_os_x:10.5.3
  • Apple Mac OS X 10.5.2
    cpe:2.3:o:apple:mac_os_x:10.5.2
  • Apple Mac OS X 10.5.1
    cpe:2.3:o:apple:mac_os_x:10.5.1
  • Apple Mac OS X 10.5.0
    cpe:2.3:o:apple:mac_os_x:10.5.0
  • Apple Mac OS X 10.5
    cpe:2.3:o:apple:mac_os_x:10.5
  • cpe:2.3:o:apple:mac_os_x:10.6
    cpe:2.3:o:apple:mac_os_x:10.6
  • Apple Mac OS X 10.6.1
    cpe:2.3:o:apple:mac_os_x:10.6.1
  • Apple Mac OS X 10.3.0
    cpe:2.3:o:apple:mac_os_x:10.3.0
  • Apple Mac OS X 10.3.9
    cpe:2.3:o:apple:mac_os_x:10.3.9
  • Apple Mac OS X 10.3.8
    cpe:2.3:o:apple:mac_os_x:10.3.8
  • Apple Mac OS X 10.3
    cpe:2.3:o:apple:mac_os_x:10.3
  • Apple Mac OS X 10.3.1
    cpe:2.3:o:apple:mac_os_x:10.3.1
  • Apple Mac OS X 10.3.2
    cpe:2.3:o:apple:mac_os_x:10.3.2
  • Apple Mac OS X 10.3.3
    cpe:2.3:o:apple:mac_os_x:10.3.3
  • Apple Mac OS X 10.3.4
    cpe:2.3:o:apple:mac_os_x:10.3.4
  • Apple Mac OS X 10.3.5
    cpe:2.3:o:apple:mac_os_x:10.3.5
  • Apple Mac OS X 10.3.6
    cpe:2.3:o:apple:mac_os_x:10.3.6
  • Apple Mac OS X 10.3.7
    cpe:2.3:o:apple:mac_os_x:10.3.7
  • Apple Mac OS X 10.2.0
    cpe:2.3:o:apple:mac_os_x:10.2.0
  • Apple Mac OS X 10.2.1
    cpe:2.3:o:apple:mac_os_x:10.2.1
  • Apple Mac OS X 10.2.2
    cpe:2.3:o:apple:mac_os_x:10.2.2
  • Apple Mac OS X 10.2.3
    cpe:2.3:o:apple:mac_os_x:10.2.3
  • Apple Mac OS X 10.2.4
    cpe:2.3:o:apple:mac_os_x:10.2.4
  • Apple Mac OS X 10.2.5
    cpe:2.3:o:apple:mac_os_x:10.2.5
  • Apple Mac OS X 10.2.6
    cpe:2.3:o:apple:mac_os_x:10.2.6
  • Apple Mac OS X 10.2.7
    cpe:2.3:o:apple:mac_os_x:10.2.7
  • Apple Mac OS X 10.2.8
    cpe:2.3:o:apple:mac_os_x:10.2.8
  • Apple Mac OS X 10.2
    cpe:2.3:o:apple:mac_os_x:10.2
  • Apple Mac OS X 10.1.0
    cpe:2.3:o:apple:mac_os_x:10.1.0
  • Apple Mac OS X 10.1
    cpe:2.3:o:apple:mac_os_x:10.1
  • Apple Mac OS X 10.1.2
    cpe:2.3:o:apple:mac_os_x:10.1.2
  • Apple Mac OS X 10.1.1
    cpe:2.3:o:apple:mac_os_x:10.1.1
  • Apple Mac OS X 10.1.4
    cpe:2.3:o:apple:mac_os_x:10.1.4
  • Apple Mac OS X 10.1.3
    cpe:2.3:o:apple:mac_os_x:10.1.3
  • Apple Mac OS X 10.1.5
    cpe:2.3:o:apple:mac_os_x:10.1.5
  • Apple Mac OS X 10.4
    cpe:2.3:o:apple:mac_os_x:10.4
  • Apple Mac OS X 10.4.0
    cpe:2.3:o:apple:mac_os_x:10.4.0
  • Apple Mac OS X 10.4.1
    cpe:2.3:o:apple:mac_os_x:10.4.1
  • Apple Mac OS X 10.4.10
    cpe:2.3:o:apple:mac_os_x:10.4.10
  • Apple Mac OS X 10.4.11
    cpe:2.3:o:apple:mac_os_x:10.4.11
  • Apple Mac OS X 10.4.2
    cpe:2.3:o:apple:mac_os_x:10.4.2
  • Apple Mac OS X 10.4.3
    cpe:2.3:o:apple:mac_os_x:10.4.3
  • Apple Mac OS X 10.4.4
    cpe:2.3:o:apple:mac_os_x:10.4.4
  • Apple Mac OS X 10.4.5
    cpe:2.3:o:apple:mac_os_x:10.4.5
  • Apple Mac OS X 10.4.6
    cpe:2.3:o:apple:mac_os_x:10.4.6
  • Apple Mac OS X 10.4.7
    cpe:2.3:o:apple:mac_os_x:10.4.7
  • Apple Mac OS X 10.4.8
    cpe:2.3:o:apple:mac_os_x:10.4.8
  • Apple Mac OS X 10.4.9
    cpe:2.3:o:apple:mac_os_x:10.4.9
  • Apple Mac OS X 10.0.0
    cpe:2.3:o:apple:mac_os_x:10.0.0
  • Apple Mac OS X 10.0.1
    cpe:2.3:o:apple:mac_os_x:10.0.1
  • Apple Mac OS X 10.0
    cpe:2.3:o:apple:mac_os_x:10.0
  • Apple Mac OS X 10.0.3
    cpe:2.3:o:apple:mac_os_x:10.0.3
  • Apple Mac OS X 10.0.2
    cpe:2.3:o:apple:mac_os_x:10.0.2
  • Apple Mac OS X 10.0.4
    cpe:2.3:o:apple:mac_os_x:10.0.4
  • Apple Mac OS X Server 10.5.8
    cpe:2.3:o:apple:mac_os_x_server:10.5.8
  • Apple Mac OS X Server 10.5.7
    cpe:2.3:o:apple:mac_os_x_server:10.5.7
  • Apple Mac OS X Server 10.5.6
    cpe:2.3:o:apple:mac_os_x_server:10.5.6
  • Apple Mac OS X Server 10.5.5
    cpe:2.3:o:apple:mac_os_x_server:10.5.5
  • Apple Mac OS X Server 10.5.4
    cpe:2.3:o:apple:mac_os_x_server:10.5.4
  • Apple Mac OS X Server 10.5.3
    cpe:2.3:o:apple:mac_os_x_server:10.5.3
  • Apple Mac OS X Server 10.5.2
    cpe:2.3:o:apple:mac_os_x_server:10.5.2
  • Apple Mac OS X Server 10.5.1
    cpe:2.3:o:apple:mac_os_x_server:10.5.1
  • Apple Mac OS X Server 10.5.0
    cpe:2.3:o:apple:mac_os_x_server:10.5.0
  • Apple Mac OS X Server 10.5
    cpe:2.3:o:apple:mac_os_x_server:10.5
  • cpe:2.3:o:apple:mac_os_x_server:10.6
    cpe:2.3:o:apple:mac_os_x_server:10.6
  • Apple Mac OS X Server 10.6.1
    cpe:2.3:o:apple:mac_os_x_server:10.6.1
  • Apple Mac OS X Server 10.4.9
    cpe:2.3:o:apple:mac_os_x_server:10.4.9
  • Apple Mac OS X Server 10.4.8
    cpe:2.3:o:apple:mac_os_x_server:10.4.8
  • Apple Mac OS X Server 10.4.7
    cpe:2.3:o:apple:mac_os_x_server:10.4.7
  • Apple Mac OS X Server 10.4.6
    cpe:2.3:o:apple:mac_os_x_server:10.4.6
  • Apple Mac OS X Server 10.4.5
    cpe:2.3:o:apple:mac_os_x_server:10.4.5
  • Apple Mac OS X Server 10.4.4
    cpe:2.3:o:apple:mac_os_x_server:10.4.4
  • Apple Mac OS X Server 10.4.3
    cpe:2.3:o:apple:mac_os_x_server:10.4.3
  • Apple Mac OS X Server 10.4.2
    cpe:2.3:o:apple:mac_os_x_server:10.4.2
  • Apple Mac OS X Server 10.4.11
    cpe:2.3:o:apple:mac_os_x_server:10.4.11
  • Apple Mac OS X Server 10.4.10
    cpe:2.3:o:apple:mac_os_x_server:10.4.10
  • Apple Mac OS X Server 10.4.1
    cpe:2.3:o:apple:mac_os_x_server:10.4.1
  • Apple Mac OS X Server 10.4.0
    cpe:2.3:o:apple:mac_os_x_server:10.4.0
  • Apple Mac OS X Server 10.4
    cpe:2.3:o:apple:mac_os_x_server:10.4
  • Apple Mac OS X Server 10.3.8
    cpe:2.3:o:apple:mac_os_x_server:10.3.8
  • Apple Mac OS X Server 10.3.7
    cpe:2.3:o:apple:mac_os_x_server:10.3.7
  • Apple Mac OS X Server 10.3.9
    cpe:2.3:o:apple:mac_os_x_server:10.3.9
  • Apple Mac OS X Server 10.3.4
    cpe:2.3:o:apple:mac_os_x_server:10.3.4
  • Apple Mac OS X Server 10.3.3
    cpe:2.3:o:apple:mac_os_x_server:10.3.3
  • Apple Mac OS X Server 10.3.6
    cpe:2.3:o:apple:mac_os_x_server:10.3.6
  • Apple Mac OS X Server 10.3.5
    cpe:2.3:o:apple:mac_os_x_server:10.3.5
  • Apple Mac OS X Server 10.3.0
    cpe:2.3:o:apple:mac_os_x_server:10.3.0
  • Apple Mac OS X Server 10.3.1
    cpe:2.3:o:apple:mac_os_x_server:10.3.1
  • Apple Mac OS X Server 10.3.2
    cpe:2.3:o:apple:mac_os_x_server:10.3.2
  • Apple Mac OS X Server 10.3
    cpe:2.3:o:apple:mac_os_x_server:10.3
  • Apple Mac OS X Server 10.2.2
    cpe:2.3:o:apple:mac_os_x_server:10.2.2
  • Apple Mac OS X Server 10.2.3
    cpe:2.3:o:apple:mac_os_x_server:10.2.3
  • Apple Mac OS X Server 10.2
    cpe:2.3:o:apple:mac_os_x_server:10.2
  • Apple Mac OS X Server 10.2.1
    cpe:2.3:o:apple:mac_os_x_server:10.2.1
  • Apple Mac OS X Server 10.2.0
    cpe:2.3:o:apple:mac_os_x_server:10.2.0
  • Apple Mac OS X Server 10.2.8
    cpe:2.3:o:apple:mac_os_x_server:10.2.8
  • Apple Mac OS X Server 10.2.6
    cpe:2.3:o:apple:mac_os_x_server:10.2.6
  • Apple Mac OS X Server 10.2.7
    cpe:2.3:o:apple:mac_os_x_server:10.2.7
  • Apple Mac OS X Server 10.2.4
    cpe:2.3:o:apple:mac_os_x_server:10.2.4
  • Apple Mac OS X Server 10.2.5
    cpe:2.3:o:apple:mac_os_x_server:10.2.5
  • Apple Mac OS X Server 10.1.4
    cpe:2.3:o:apple:mac_os_x_server:10.1.4
  • Apple Mac OS X Server 10.1.0
    cpe:2.3:o:apple:mac_os_x_server:10.1.0
  • Apple Mac OS X Server 10.1.5
    cpe:2.3:o:apple:mac_os_x_server:10.1.5
  • Apple Mac OS X Server 10.1.2
    cpe:2.3:o:apple:mac_os_x_server:10.1.2
  • Apple Mac OS X Server 10.1.3
    cpe:2.3:o:apple:mac_os_x_server:10.1.3
  • Apple Mac OS X Server 10.1.1
    cpe:2.3:o:apple:mac_os_x_server:10.1.1
  • Apple Mac OS X Server 10.1
    cpe:2.3:o:apple:mac_os_x_server:10.1
  • Apple Mac OS X Server 10.0.4
    cpe:2.3:o:apple:mac_os_x_server:10.0.4
  • Apple Mac OS X Server 10.0.0
    cpe:2.3:o:apple:mac_os_x_server:10.0.0
  • Apple Mac OS X Server 10.0.1
    cpe:2.3:o:apple:mac_os_x_server:10.0.1
  • Apple Mac OS X Server 10.0.2
    cpe:2.3:o:apple:mac_os_x_server:10.0.2
  • Apple Mac OS X Server 10.0.3
    cpe:2.3:o:apple:mac_os_x_server:10.0.3
  • Apple Mac OS X Server 10.0
    cpe:2.3:o:apple:mac_os_x_server:10.0
CVSS
Base: 4.3 (as of 11-11-2009 - 10:14)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_2.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42434
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42434
    title Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-006.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42433
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42433
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-006)
refmap via4
apple APPLE-SA-2009-11-09-1
bid 36956
confirm http://support.apple.com/kb/HT3937
vupen ADV-2009-3184
Last major update 17-11-2009 - 02:02
Published 10-11-2009 - 14:30
Back to Top