var-200907-0748
Vulnerability from variot
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
plural Mozilla product for, X.509 certificate of Common Name (CN) within the domain name in the field.
The product provides cross-platform support for SSL, S/MIME and other Internet security standards. The NSS library in the SSL client and the CA that issued the server certificate handle the domain name in an SSL certificate differently. If a malicious user requests a certificate for a hostname containing an invalid null character, most CAs will issue the certificate as long as the requester owns the domain specified after the null character, but most SSL clients (browsers) will ignore this part of the name. Placing a null character before the validated portion allows an attacker to use a fake certificate in a man-in-the-middle attack to establish a false trust relationship.
The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-2408
Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate (MFSA 2009-42).
CVE-2009-2404
Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names (MFSA 2009-43).
CVE-2009-2463
monarch2020 discovered an integer overflow in a base64 decoding function (MFSA 2010-07).
CVE-2009-3072
Josh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).
CVE-2009-3075
Carsten Book reported a crash in the JavaScript engine (MFSA 2010-07).
CVE-2010-0163
Ludovic Hirlimann reported a crash indexing some messages with attachments, which could lead to the execution of arbitrary code (MFSA 2010-07).
For the stable distribution (lenny), these problems have been fixed in version 2.0.0.24-0lenny1.
Due to a problem with the archive system it is not possible to release all architectures. The missing architectures will be installed into the archive once they become available.
For the testing distribution squeeze and the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your icedove packages.
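The CN handling mismatch described for CVE-2009-2408 above, as an added example (not NSS code and not taken from any advisory on this page): a certificate name comes out of the ASN.1 decoder as bytes plus an explicit length, and a hostname check has to honour that length. The struct, the function names and the `.example` names are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A name as decoded from the certificate: raw bytes and their count. */
struct counted_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample: 16 bytes, one NUL byte, then 17 more bytes. */
static const unsigned char CRAFTED_BYTES[] = "www.bank.example\0.attacker.example";
static const unsigned char CLEAN_BYTES[] = "www.bank.example";

static const struct counted_name CRAFTED = { CRAFTED_BYTES, sizeof CRAFTED_BYTES - 1 };
static const struct counted_name CLEAN = { CLEAN_BYTES, sizeof CLEAN_BYTES - 1 };

/* Case-insensitive comparison over explicit lengths. */
static int ci_equal(const unsigned char *a, size_t alen, const char *b, size_t blen)
{
    if (alen != blen)
        return 0;
    for (size_t i = 0; i < alen; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed check: copies the name into a C string, so everything after
 * the first NUL byte is silently dropped before the comparison. */
int match_as_cstring(struct counted_name cn, const char *host)
{
    char buf[256];

    if (cn.len >= sizeof buf)
        return 0;
    memcpy(buf, cn.data, cn.len);
    buf[cn.len] = '\0';
    return ci_equal((const unsigned char *)buf, strlen(buf), host, strlen(host));
}

/* Hardened check: a name with an embedded NUL is rejected outright,
 * and the comparison covers the full decoded length. */
int match_counted(struct counted_name cn, const char *host)
{
    if (cn.len == 0 || memchr(cn.data, '\0', cn.len) != NULL)
        return 0;
    return ci_equal(cn.data, cn.len, host, strlen(host));
}

/* Audit helper: how many names in a batch carry an embedded NUL. */
size_t count_embedded_nul(const struct counted_name *names, size_t n)
{
    size_t hits = 0;

    for (size_t i = 0; i < n; i++)
        if (names[i].len > 0 && memchr(names[i].data, '\0', names[i].len) != NULL)
            hits++;
    return hits;
}

int main(void)
{
    const char *host = "www.bank.example";
    struct counted_name batch[2];

    batch[0] = CLEAN;
    batch[1] = CRAFTED;

    printf("decoded length of crafted name: %zu bytes\n", CRAFTED.len);
    printf("C-string check accepts crafted name: %d\n", match_as_cstring(CRAFTED, host));
    printf("counted check accepts crafted name:  %d\n", match_counted(CRAFTED, host));
    printf("counted check accepts clean name:    %d\n", match_counted(CLEAN, host));
    printf("names with embedded NUL in batch:    %zu\n", count_embedded_nul(batch, 2));
    return 0;
}
```
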
Upgrade instructions
wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.
CVE-2009-2408
Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate.
CVE-2009-2409
Certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptographically secure.
The old stable distribution (etch) doesn't contain nss.
A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625.
This update provides the latest version of Thunderbird, which is not vulnerable to these issues.
Update:
The previous mozilla-thunderbird-moztraybiff packages had the wrong release, which prevented them from being upgraded (#53129). The new packages address this problem.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408
http://www.mozilla.org/security/announce/2009/mfsa2009-42.html
https://bugs.gentoo.org/show_bug.cgi?id=280615
https://qa.mandriva.com/53129
Updated Packages:
Mandriva Linux 2009.1:
 8129678451e9e36da6d95a2ce3a694ab 2009.1/i586/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.i586.rpm
 229bb034c2f1e741bd8f11419ae1aefe 2009.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
 f69e7801185436e47737979d0651f445 2009.1/x86_64/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.x86_64.rpm
 229bb034c2f1e741bd8f11419ae1aefe 2009.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
VMware Security Advisory
Advisory ID: VMSA-2010-0001
Synopsis: ESX Service Console updates for nss and nspr
Issue date: 2010-01-06
Updated on: 2010-01-06 (initial release of advisory)
CVE numbers: CVE-2009-2409 CVE-2009-2408 CVE-2009-2404 CVE-2009-1563 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382
- Summary
Update for Service Console packages nss and nspr
- Relevant releases
VMware ESX 4.0 without patch ESX400-200912403-SG
- Problem Description
a. Update for Service Console packages nss and nspr
Service console packages for Network Security Services (NSS) and
NetScape Portable Runtime (NSPR) are updated to versions
nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This
patch fixes several security issues in the service console
packages for NSS and NSPR.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the names CVE-2009-2409, CVE-2009-2408, CVE-2009-2404,
CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372,
CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376,
CVE-2009-3380, and CVE-2009-3382 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
VirtualCenter  any       Windows   not affected
hosted *       any       any       not affected
ESXi           any       ESXi      not affected
ESX            4.0       ESX       ESX400-200912403-SG
ESX            3.5       ESX       not affected
ESX            3.0.3     ESX       not affected
ESX            3.0.2     ESX       not affected
ESX            2.5.5     ESX       not affected
vMA            4.0       RHEL5     affected, patch pending

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

- Solution
Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.
ESX 4.0
ESX400-200912403-SG
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-181-20091231-153046/ESX400-200912001.zip
md5sum: 78c6cf139b7941dc736c9d3a41deae77
sha1sum: 36df3a675fbd3c8c8830f00637e37ee716bdac59
http://kb.vmware.com/kb/1016293
To install an individual bulletin use esxupdate with the -b option.
esxupdate --bundle=ESX400-200912001.zip -b ESX400-200912403-SG update
- References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382
- Change log
2010-01-06 VMSA-2010-0001 Initial security advisory after release of patch ESX400-200912403-SG for ESX 4.0 on 2010-01-06.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2010 VMware Inc. All rights reserved.
TITLE: Network Security Services Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA36093
VERIFY ADVISORY: http://secunia.com/advisories/36093/
DESCRIPTION: Some vulnerabilities have been reported in Network Security Services, which can potentially be exploited by malicious people to bypass certain security restrictions or to compromise a vulnerable system.
1) An error in the regular expression parser when matching common names in certificates can be exploited to cause a heap-based buffer overflow, e.g. via a specially crafted certificate signed by a trusted CA or when a user accepts a specially crafted certificate.
2) An error exists in the parsing of certain certificate fields, which can be exploited to e.g. get a client to accept a specially crafted certificate by mistake.
SOLUTION: Update to version 3.12.3 or later.
PROVIDED AND/OR DISCOVERED BY: Red Hat credits: 1) Moxie Marlinspike 2) Dan Kaminsky
ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=512912 https://bugzilla.redhat.com/show_bug.cgi?id=510251
This update fixes these vulnerabilities.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200907-0748", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "8.04" }, { "model": "firefox", "scope": "lt", "trust": 1.0, "vendor": "mozilla", "version": "3.0.13" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": 
"canonical", "version": "8.10" }, { "model": "seamonkey", "scope": "lt", "trust": 1.0, "vendor": "mozilla", "version": "1.1.18" }, { "model": "opensuse", "scope": "lte", "trust": 1.0, "vendor": "opensuse", "version": "11.1" }, { "model": "network security services", "scope": "lt", "trust": 1.0, "vendor": "mozilla", "version": "3.12.3" }, { "model": "thunderbird", "scope": "lt", "trust": 1.0, "vendor": "mozilla", "version": "2.0.0.23" }, { "model": "linux enterprise", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10.0" }, { "model": "linux enterprise", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "9" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "5.0" }, { "model": "opensuse", "scope": "gte", "trust": 1.0, "vendor": "opensuse", "version": "10.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "9.04" }, { "model": "seamonkey", "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": "5 (client)" }, { "model": "red hat enterprise linux", "scope": null, "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": null }, { "model": "network security services", "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": "red hat enterprise linux desktop", "scope": null, "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": null }, { "model": "thunderbird", "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": "red hat enterprise linux eus", "scope": null, "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": null }, { "model": "sun solaris", "scope": null, "trust": 0.8, "vendor": "\u30b5\u30f3 
\u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "firefox", "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": "apple mac os x server", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "apple mac os x", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "opensolaris", "scope": null, "trust": 0.8, "vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "asianux server", "scope": null, "trust": 0.8, "vendor": "\u30b5\u30a4\u30d0\u30fc\u30c8\u30e9\u30b9\u30c8\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001956" }, { "db": "NVD", "id": "CVE-2009-2408" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.12.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.13", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.18", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.0.23", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:o:suse:linux_enterprise:10.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.1", "versionStartIncluding": "10.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-2408" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mandriva", "sources": [ { "db": "PACKETSTORM", "id": "83396" }, { "db": "PACKETSTORM", "id": "83397" }, { "db": "PACKETSTORM", "id": "81880" }, { "db": "PACKETSTORM", "id": "80547" }, { "db": "PACKETSTORM", "id": "80546" }, { "db": "PACKETSTORM", "id": "82183" } ], "trust": 0.6 }, "cve": "CVE-2009-2408", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-2408", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-39854", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "High", 
"attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-2408", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2009-2408", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-39854", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-39854" }, { "db": "JVNDB", "id": "JVNDB-2009-001956" }, { "db": "NVD", "id": "CVE-2009-2408" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. plural Mozilla product for, X.509 certificate of Common Name (CN) within the domain name in the field. The product provides cross-platform support for SSL, S/MIME and other Internet security standards. There is a mismatch between the NSS library\u0027s handling of the domain name in the SSL certificate between the SSL client and the CA that issued the server certificate. 
If a malicious user requests a certificate from a hostname with an invalid null character, most CAs will issue a certificate as long as the requester has the domain specified after the null character, but most SSL clients (browsers) will ignore this part of the name, Using a null character before the portion of validation allows an attacker to use a fake certificate in a man-in-the-middle attack to establish a false trust relationship. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2009-2408\n\nDan Kaminsky and Moxie Marlinspike discovered that icedove does not\nproperly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s\nCommon Name (CN) field of an X.509 certificate (MFSA 2009-42). \n\nCVE-2009-2404\n\nMoxie Marlinspike reported a heap overflow vulnerability in the code\nthat handles regular expressions in certificate names (MFSA 2009-43). \n\nCVE-2009-2463\n\nmonarch2020 discovered an integer overflow n a base64 decoding function\n(MFSA 2010-07). \n\nCVE-2009-3072\n\nJosh Soref discovered a crash in the BinHex decoder (MFSA 2010-07). \n\nCVE-2009-3075\n\nCarsten Book reported a crash in the JavaScript engine (MFSA 2010-07). \n\nCVE-2010-0163\n\nLudovic Hirlimann reported a crash indexing some messages with\nattachments, which could lead to the execution of arbitrary code\n(MFSA 2010-07). \n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.0.0.24-0lenny1. \n\nDue to a problem with the archive system it is not possible to release\nall architectures. The missing architectures will be installed into the\narchive once they become available. \n\nFor the testing distribution squeeze and the unstable distribution (sid),\nthese problems will be fixed soon. \n\n\nWe recommend that you upgrade your icedove packages. \n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. 
\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n\n These files will probably be moved into the stable distribution on\n its next update. 
\n\nCVE-2009-2408\n\n Dan Kaminsky discovered that NULL characters in certificate\n names could lead to man-in-the-middle attacks by tricking the user\n into accepting a rogue certificate. \n\nCVE-2009-2409\n\n Certificates with MD2 hash signatures are no longer accepted\n since they\u0027re no longer considered cryptographically secure. \n\n\nThe old stable distribution (etch) doesn\u0027t contain nss. \n \n A vulnerability was found in xmltok_impl.c (expat) that with\n specially crafted XML could be exploited and lead to a denial of\n service attack. Related to CVE-2009-2625. \n \n This update provides the latest version of Thunderbird, which is not\n vulnerable to these issues. \n\n Update:\n\n The previous mozilla-thunderbird-moztraybiff packages had the wrong\n release which prevented them from being upgraded (#53129). The new packages\n address this problem. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408\n http://www.mozilla.org/security/announce/2009/mfsa2009-42.html\n https://bugs.gentoo.org/show_bug.cgi?id=280615\n https://qa.mandriva.com/53129\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.1:\n 8129678451e9e36da6d95a2ce3a694ab 2009.1/i586/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.i586.rpm \n 229bb034c2f1e741bd8f11419ae1aefe 2009.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n f69e7801185436e47737979d0651f445 2009.1/x86_64/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.x86_64.rpm \n 229bb034c2f1e741bd8f11419ae1aefe 2009.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. 
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n. - -----------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2010-0001\nSynopsis: ESX Service Console updates for nss and nspr\nIssue date: 2010-01-06\nUpdated on: 2010-01-06 (initial release of advisory)\nCVE numbers: CVE-2009-2409 CVE-2009-2408 CVE-2009-2404\n CVE-2009-1563 CVE-2009-3274 CVE-2009-3370\n CVE-2009-3372 CVE-2009-3373 CVE-2009-3374\n CVE-2009-3375 CVE-2009-3376 CVE-2009-3380\n CVE-2009-3382\n- -----------------------------------------------------------------------\n1. Summary\n\n Update for Service Console packages nss and nspr\n\n2. Relevant releases\n\n VMware ESX 4.0 without patch ESX400-200912403-SG\n\n3. Problem Description\n\n a. Update for Service Console packages nss and nspr\n\n Service console packages for Network Security Services (NSS) and\n NetScape Portable Runtime (NSPR) are updated to versions\n nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This\n patch fixes several security issues in the service console\n packages for NSS and NSPR. 
\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the names CVE-2009-2409, CVE-2009-2408, CVE-2009-2404,\n CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372,\n CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376,\n CVE-2009-3380, and CVE-2009-3382 to these issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200912403-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum of your downloaded file. \n\n ESX 4.0\n -------\n ESX400-200912403-SG\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-181-20091231-153046/ESX400-200912001.zip\n md5sum: 78c6cf139b7941dc736c9d3a41deae77\n sha1sum: 36df3a675fbd3c8c8830f00637e37ee716bdac59\n http://kb.vmware.com/kb/1016293\n\n To install an individual bulletin use esxupdate with the -b option. \n esxupdate --bundle=ESX400-200912001.zip -b ESX400-200912403-SG\n update\n\n5. 
References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2010-01-06 VMSA-2010-0001\nInitial security advisory after release of patch ESX400-200912403-SG\nfor ESX 4.0 on 2010-01-06. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2010 VMware Inc. All rights reserved. 
\n\n\n. ----------------------------------------------------------------------\n\nTITLE:\nNetwork Security Services Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA36093\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36093/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Network Security Services,\nwhich can potentially be exploited by malicious people to bypass\ncertain security restrictions or to compromise a vulnerable system. \n\n1) An error in the regular expression parser when matching common\nnames in certificates can be exploited to cause a heap-based buffer\noverflow, e.g. via a specially crafted certificate signed by a\ntrusted CA or when a user accepts a specially crafted certificate. \n\n2) An error exists in the parsing of certain certificate fields,\nwhich can be exploited to e.g. get a client to accept a specially\ncrafted certificate by mistake. \n\nSOLUTION:\nUpdate to version 3.12.3 or later. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nRed Hat credits:\n1) Moxie Marlinspike\n2) Dan Kaminsky\n\nORIGINAL ADVISORY:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=512912\nhttps://bugzilla.redhat.com/show_bug.cgi?id=510251\n\n----------------------------------------------------------------------\n\n\n. 
\n \n This update fixes these vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2009-2408" }, { "db": "JVNDB", "id": "JVNDB-2009-001956" }, { "db": "VULHUB", "id": "VHN-39854" }, { "db": "PACKETSTORM", "id": "83396" }, { "db": "PACKETSTORM", "id": "87886" }, { "db": "PACKETSTORM", "id": "80698" }, { "db": "PACKETSTORM", "id": "83397" }, { "db": "PACKETSTORM", "id": "81880" }, { "db": "PACKETSTORM", "id": "84923" }, { "db": "PACKETSTORM", "id": "79888" }, { "db": "PACKETSTORM", "id": "80546" }, { "db": "PACKETSTORM", "id": "82183" } ], "trust": 2.52 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-39854", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-39854" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-2408", "trust": 3.6 }, { "db": "SECUNIA", "id": "36125", "trust": 1.9 }, { "db": "SECUNIA", "id": "36088", "trust": 1.9 }, { "db": "OSVDB", "id": "56723", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2009-2085", "trust": 1.9 }, { "db": "SECTRACK", "id": "1022632", "trust": 1.9 }, { "db": "SECUNIA", "id": "37098", "trust": 1.1 }, { "db": "SECUNIA", "id": "36434", "trust": 1.1 }, { "db": "SECUNIA", "id": "36157", "trust": 1.1 }, { "db": "SECUNIA", "id": "36669", "trust": 1.1 }, { "db": "SECUNIA", "id": "36139", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2009-3184", "trust": 1.1 }, { "db": "BID", "id": "35888", "trust": 0.9 }, { "db": "SECUNIA", "id": "36093", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2009-001956", "trust": 0.8 }, { "db": 
"PACKETSTORM", "id": "81880", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "83397", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "82183", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "83396", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "87886", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "81228", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "81877", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106472", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "80223", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-200907-442", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-39854", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "80698", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "84923", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "80547", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "79888", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "80546", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-39854" }, { "db": "JVNDB", "id": "JVNDB-2009-001956" }, { "db": "PACKETSTORM", "id": "83396" }, { "db": "PACKETSTORM", "id": "87886" }, { "db": "PACKETSTORM", "id": "80698" }, { "db": "PACKETSTORM", "id": "83397" }, { "db": "PACKETSTORM", "id": "81880" }, { "db": "PACKETSTORM", "id": "84923" }, { "db": "PACKETSTORM", "id": "80547" }, { "db": "PACKETSTORM", "id": "79888" }, { "db": "PACKETSTORM", "id": "80546" }, { "db": "PACKETSTORM", "id": "82183" }, { "db": "NVD", "id": "CVE-2009-2408" } ] }, "id": "VAR-200907-0748", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-39854" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:18:33.341000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "RHSA-2009", 
"trust": 0.8, "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001956" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.0 }, { "problemtype": "Illegal certificate verification (CWE-295) [NVD evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-20", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-39854" }, { "db": "JVNDB", "id": "JVNDB-2009-001956" }, { "db": "NVD", "id": "CVE-2009-2408" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://www.securitytracker.com/id?1022632" }, { "trust": 1.9, "url": "http://secunia.com/advisories/36088" }, { "trust": 1.9, "url": "http://secunia.com/advisories/36125" }, { "trust": 1.9, "url": "http://osvdb.org/56723" }, { "trust": 1.9, "url": "http://www.vupen.com/english/advisories/2009/2085" }, { "trust": 1.5, "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html" }, { "trust": 1.2, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251" }, { "trust": 1.1, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1" }, { "trust": 1.1, "url": "http://secunia.com/advisories/36139" }, { "trust": 1.1, "url": "http://secunia.com/advisories/36157" }, { "trust": 1.1, "url": "http://secunia.com/advisories/36434" }, { "trust": 1.1, "url": "http://secunia.com/advisories/36669" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37098" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2009/3184" }, { "trust": 1.1, "url": "http://www.debian.org/security/2009/dsa-1874" }, { 
"trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:197" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:216" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:217" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2009-1207.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2009-1432.html" }, { "trust": 1.1, "url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-810-1" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/810-2/" }, { "trust": 1.1, "url": "http://isc.sans.org/diary.html?storyid=7003" }, { "trust": 1.1, "url": "http://www.wired.com/threatlevel/2009/07/kaminsky/" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10751" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8458" }, { "trust": 1.0, "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2" }, { "trust": 1.0, "url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8\u0026r2=1.11\u0026f=h" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2408" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2408" }, { "trust": 0.8, "url": "http://secunia.com/advisories/36093" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/35888" }, { "trust": 0.7, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2408" }, { "trust": 0.6, "url": "http://www.mandriva.com/security/" }, { "trust": 0.6, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2404" }, { "trust": 0.4, "url": 
"https://bugs.gentoo.org/show_bug.cgi?id=280615" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2409" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2404" }, { "trust": 0.2, "url": "http://www.debian.org/security/faq" }, { "trust": 0.2, "url": "http://packages.debian.org/\u003cpkg\u003e" }, { "trust": 0.2, "url": "http://security.debian.org/" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2625" }, { "trust": 0.1, "url": "http://marc.info/?l=oss-security\u0026amp;m=125198917018936\u0026amp;w=2" }, { "trust": 0.1, "url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8\u0026amp;r2=1.11\u0026amp;f=h" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3720" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3720" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_i386.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_powerpc.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3072" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_hppa.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3075" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_i386.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0163" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_alpha.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_amd64.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2463" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny1.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny1.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_i386.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_armel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_mipsel.deb" }, { "trust": 0.1, 
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_armel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_armel.deb" }, 
{ "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_armel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_i386.deb" }, { "trust": 0.1, "url": "https://qa.mandriva.com/53129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3274" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3382" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3376" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3373" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3373" }, { "trust": 0.1, "url": "http://www.vmware.com/security" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3274" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2009-3370" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3372" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1016293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3374" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3375" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "https://hostupdate.vmware.com/software/vum/offline/release-181-20091231-153046/esx400-200912001.zip" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3374" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3380" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3382" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3376" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3380" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3375" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3372" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3370" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/36093/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912" }, { "trust": 0.1, "url": 
"http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://bugs.proftpd.org/show_bug.cgi?id=3275" } ], "sources": [ { "db": "VULHUB", "id": "VHN-39854" }, { "db": "JVNDB", "id": "JVNDB-2009-001956" }, { "db": "PACKETSTORM", "id": "83396" }, { "db": "PACKETSTORM", "id": "87886" }, { "db": "PACKETSTORM", "id": "80698" }, { "db": "PACKETSTORM", "id": "83397" }, { "db": "PACKETSTORM", "id": "81880" }, { "db": "PACKETSTORM", "id": "84923" }, { "db": "PACKETSTORM", "id": "80547" }, { "db": "PACKETSTORM", "id": "79888" }, { "db": "PACKETSTORM", "id": "80546" }, { "db": "PACKETSTORM", "id": "82183" }, { "db": "NVD", "id": "CVE-2009-2408" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-39854" }, { "db": "JVNDB", "id": "JVNDB-2009-001956" }, { "db": "PACKETSTORM", "id": "83396" }, { "db": "PACKETSTORM", "id": "87886" }, { "db": "PACKETSTORM", "id": "80698" }, { "db": "PACKETSTORM", "id": "83397" }, { "db": "PACKETSTORM", "id": "81880" }, { "db": "PACKETSTORM", "id": "84923" }, { "db": "PACKETSTORM", "id": "80547" }, { "db": "PACKETSTORM", "id": "79888" }, { "db": "PACKETSTORM", "id": "80546" }, { "db": "PACKETSTORM", "id": "82183" }, { "db": "NVD", "id": "CVE-2009-2408" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-07-30T00:00:00", "db": "VULHUB", "id": "VHN-39854" }, { "date": "2009-09-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001956" }, { "date": "2009-12-03T20:56:14", "db": "PACKETSTORM", "id": "83396" }, { "date": "2010-04-01T03:25:53", "db": "PACKETSTORM", "id": "87886" }, { "date": "2009-08-26T23:21:43", "db": "PACKETSTORM", "id": "80698" }, { "date": "2009-12-03T20:56:41", "db": 
"PACKETSTORM", "id": "83397" }, { "date": "2009-10-08T18:25:53", "db": "PACKETSTORM", "id": "81880" }, { "date": "2010-01-07T19:33:17", "db": "PACKETSTORM", "id": "84923" }, { "date": "2009-08-24T17:22:35", "db": "PACKETSTORM", "id": "80547" }, { "date": "2009-08-04T12:12:18", "db": "PACKETSTORM", "id": "79888" }, { "date": "2009-08-24T17:21:29", "db": "PACKETSTORM", "id": "80546" }, { "date": "2009-10-26T18:46:23", "db": "PACKETSTORM", "id": "82183" }, { "date": "2009-07-30T19:30:00.313000", "db": "NVD", "id": "CVE-2009-2408" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-03T00:00:00", "db": "VULHUB", "id": "VHN-39854" }, { "date": "2024-03-04T07:36:00", "db": "JVNDB", "id": "JVNDB-2009-001956" }, { "date": "2024-02-14T17:21:52.867000", "db": "NVD", "id": "CVE-2009-2408" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "87886" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Mozilla\u00a0 product \u00a0 any in \u00a0SSL\u00a0 Server spoofing vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001956" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "spoof", "sources": [ { "db": "PACKETSTORM", "id": "83396" }, { "db": "PACKETSTORM", "id": "80547" } ], "trust": 0.2 } }