{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-24T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-01-28T10:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SR:2010:001", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://msmtp.sourceforge.net/news.html"}, {"name": "37321", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37321"}, {"name": "ADV-2009-3224", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3224"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3942", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SR:2010:001", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html"}, {"name": "http://msmtp.sourceforge.net/news.html", "refsource": "CONFIRM", "url": "http://msmtp.sourceforge.net/news.html"}, {"name": "37321", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37321"}, {"name": "ADV-2009-3224", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3224"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:45:50.505Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SR:2010:001", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://msmtp.sourceforge.net/news.html"}, {"name": "37321", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37321"}, {"name": "ADV-2009-3224", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3224"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3942", "datePublished": "2009-11-16T19:00:00.000Z", "dateReserved": "2009-11-16T00:00:00.000Z", "dateUpdated": "2024-08-07T06:45:50.505Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:martin_lambers:msmtp:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D01B530-981C-4EF5-89E6-538ADA25D2F9", "versionEndIncluding": "1.4.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99E4CB87-6453-43EA-B969-1D26F047B868", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "C28522F5-40C1-4CB2-8A21-FFF9C75B6C9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D297F70-E8FF-45BA-A299-1B24D0616855", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "ABEE80E9-C4FF-4AB3-8DFA-2468B01861E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AAB4EC4-2035-4421-90ED-772E01BC6725", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "448B136B-7FCB-444F-A8AE-89DBA1308EDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3F98F29-131F-49E6-A819-89AB1CDFB8F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0A9C11A-A8FC-4132-BE35-1A55A869D962", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6304EC0-8977-4164-9355-E419B2BDFE12", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F3D69119-DB27-4439-A4A1-20B22226D3E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "86A0B3AA-EDED-4BC9-9516-23A1870C68FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD544309-CACE-4D0E-8921-B972988939DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EDDDAAA-FE6D-4E3D-B4BA-2FDEADAE8CD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A71A198-495A-4BA1-A66F-734E49126710", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6806D84A-C775-46CC-BD67-1FB70ACD7B60", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "9267E3FC-3B89-4E9D-924E-401FA7B1872C", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7F49177D-4F29-40DA-AAB4-39B71BDA8210", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "C241047D-1A6C-4E49-968D-AF08881B57D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "71F0F562-4906-415B-87CE-FA17126AC186", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "030746E6-A9E2-4A3C-B51F-6920B558A123", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D4E425C-24CC-4D64-9500-AA37120BDB20", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "81797111-EE62-49EB-8804-BE493A5CCB2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3EA2E59-C745-4926-B6A4-FA7512EE9B60", "vulnerable": false}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB35C639-4D53-4A36-A567-F0742DE8F6BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C269D45F-7E20-4E85-8EC2-D05155750CE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "48125BDD-B875-4650-8B1D-D28C5F04208F", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C2AAA19-7026-4EF1-85A4-87D9B08D708B", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4A3BE86-51CA-4DFC-809B-D38075DC052E", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "390C2B54-479E-4DE3-9816-E60251455E18", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "77FB50D8-DBE6-4547-A643-3F3749F98716", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "96C296F7-053B-4C68-AD20-9F2A716F9E81", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B674C7D5-9F59-4604-8469-FAA003AE7F1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "91F59DE1-329E-42E1-84CC-8CE5B032781D", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "42FEED21-B6B0-4CE5-BE04-B284DEED46D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "2ABFEA78-CE3C-4795-93C8-87F1EDECED1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "BAA30198-E58E-408B-96CB-52417FC51CE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "E9C27411-6B62-4B1B-8E87-2653F5712E6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "237AF741-3C2A-4F55-9286-CF6FF4977557", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "D92E239B-8BD7-4DA7-BC86-4F64638C5203", "vulnerable": false}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "2AF8F0CF-A59D-4D0C-9414-BEE4B9714EE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "11215AD3-0AB1-47B1-B55F-DC6F40DB4F5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "B5B2D527-F99B-45A6-BF7B-D04CC28672BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "3580054B-7A34-4CE3-8B43-D398858E83D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "1EF98D9C-A072-453D-B0C6-600DF595E3E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:msmtp:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "21BAABE8-97D9-49AE-A9F6-A1F49E8928BB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."}, {"lang": "es", "value": "Martin Lambers msmtp versiones anteriores a v1.4.19, cuando usa OpenSSL, no maneja adecuadamente un car\u00e1cter '\\0' en un nombre de dominio (1) en el campo nombre com\u00fan del sujeto o (2) en el campo nombre alternativo del sujeto de un certificado X.509, permitiendo que atacantes de hombre en medio (man-in-the-middle) suplantar a servidores SSL de su elecci\u00f3n mediante un certificado modificado emitido por una Autoridad de Certificaci\u00f3n leg\u00edtima, estando relacionado con el CVE-2009-2408."}], "id": "CVE-2009-3942", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-11-16T19:30:01.077", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html"}, {"source": "cve@mitre.org", "url": "http://msmtp.sourceforge.net/news.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37321"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://msmtp.sourceforge.net/news.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37321"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3224"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "msmtp SSL NULL prefix flaw", "id": "537932", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=537932"}, "csaw": false, "details": ["Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."], "name": "CVE-2009-3942", "public_date": "2009-10-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-3942"], "threat_severity": "Moderate"}

{}