OVAL Reference oval:org.opensuse.security:def:20092408

Oval Definition:

oval:org.opensuse.security:def:20092408

Revision Date:	2022-05-20	Version:	1
Title:	CVE-2009-2408
Description:	Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2009-2408 Mitre CVE-2009-2408 SUSE CVE-2009-2408 SUSE-SA:2009:048 SUSE-SA:2009:048 SUSE-SR:2009:016 SUSE-SR:2009:016 SUSE-SR:2009:018 SUSE-SR:2009:018 TID7021279 TID7021518 TID7021676 TID7021848 TID7022090 TID7022102
Platform(s):	Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64 Open Enterprise Server openSUSE 10.3 openSUSE 11.0 openSUSE 11.1 SLE 11 DESKTOP Unsupported Extras SLES SDK 9 for IBM iSeries and IBM pSeries SLES SDK 9 for IBM S/390 and IBM zSeries SLES SDK 9 for IBM zSeries SLES SDK 9 for IPF SLES SDK 9 for x86 SLES SDK 9 for X86-64 SUSE CORE 9 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for x86 SUSE Linux Enterprise Desktop 11 GA SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise SDK 11 GA SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 GA SUSE Linux Enterprise Server for SAP Applications 11	Product(s):
Definition Synopsis
Release Information sles10-sp2-sdk is installed AND openldap2-back-meta less than 2.3.32-0.34.2 OR openldap2-back-perl less than 2.3.32-0.34.2 OR Package Information sles10-sp2-sdk is installed AND mozilla-nss-tools less than 3.12.3.1-1.4.2 OR Package Information sles10-sp3 is installed openldap2-back-meta less than 2.3.32-0.36.50 OR openldap2-back-perl less than 2.3.32-0.36.50 OR openldap2-client-32bit less than 2.3.32-0.36.91 OR openldap2-client-64bit less than 2.3.32-0.36.91 OR openldap2-client-x86 less than 2.3.32-0.36.91 OR openldap2-client less than 2.3.32-0.36.91 OR openldap2-devel-32bit less than 2.3.32-0.36.91 OR openldap2-devel-64bit less than 2.3.32-0.36.91 OR openldap2-devel less than 2.3.32-0.36.91 OR openldap2 less than 2.3.32-0.36.50 OR sles10-sp3-sdk is installed openldap2-back-meta less than 2.3.32-0.36.50 OR openldap2-back-perl less than 2.3.32-0.36.50 OR Package Information sles10-sp3 is installed neon-32bit less than 0.24.7-20.8.1 OR neon-64bit less than 0.24.7-20.8.1 OR neon-x86 less than 0.24.7-20.8.1 OR neon less than 0.24.7-20.8.1 OR sles10-sp3-sdk is installed AND neon-devel less than 0.24.7-20.8.1 OR Package Information sles10-sp2-sdk is installed AND neon-devel less than 0.24.7-20.8.1
Definition Synopsis
SUSE Linux Enterprise Server 11 is installed AND Package Information libfreebl3-3.12.3.1-1.1 is installed OR libfreebl3-32bit-3.12.3.1-1.1 is installed OR libfreebl3-x86-3.12.8-1.2 is installed OR libldap-2_4-2-2.4.12-7.18 is installed OR libldap-2_4-2-32bit-2.4.12-7.18 is installed OR libldap-2_4-2-x86-2.4.12-7.19 is installed OR libneon27-0.28.3-2.12 is installed OR libneon27-32bit-0.28.3-2.12 is installed OR libneon27-x86-0.28.3-2.12 is installed OR mozilla-nspr-4.8.6-1.2 is installed OR mozilla-nspr-32bit-4.8.6-1.2 is installed OR mozilla-nspr-x86-4.8.6-1.2 is installed OR mozilla-nss-3.12.3.1-1.1 is installed OR mozilla-nss-32bit-3.12.3.1-1.1 is installed OR mozilla-nss-tools-3.12.3.1-1.1 is installed OR mozilla-nss-x86-3.12.8-1.2 is installed OR mutt-1.5.17-42.32 is installed OR neon-0.28.3-2.12 is installed OR openldap2-2.4.12-7.18 is installed OR openldap2-back-meta-2.4.12-7.18 is installed OR openldap2-client-2.4.12-7.18 is installed OR zlib-1.2.3-106 is installed OR zlib-32bit-1.2.3-106 is installed OR zlib-x86-1.2.3-106 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Server 11 is installed AND libfreebl3-3.12.3.1-1.1.1 is installed OR libfreebl3-32bit-3.12.8-1.2.1 is installed OR libfreebl3-x86-3.12.8-1.2.1 is installed OR libldap-2_4-2-2.4.12-7.18.1 is installed OR libldap-2_4-2-32bit-2.4.12-7.19.1 is installed OR libldap-2_4-2-x86-2.4.12-7.19.1 is installed OR libneon27-0.28.3-2.12.1 is installed OR libneon27-32bit-0.28.3-2.12.1 is installed OR libneon27-x86-0.28.3-2.12.1 is installed OR mozilla-nspr-4.8.6-1.2.1 is installed OR mozilla-nspr-32bit-4.8.6-1.2.1 is installed OR mozilla-nspr-x86-4.8.6-1.2.1 is installed OR mozilla-nss-3.12.3.1-1.1.1 is installed OR mozilla-nss-32bit-3.12.8-1.2.1 is installed OR mozilla-nss-tools-3.12.3.1-1.1.1 is installed OR mozilla-nss-x86-3.12.8-1.2.1 is installed OR mutt-1.5.17-42.32.2 is installed OR neon-0.28.3-2.12.1 is installed OR openldap2-2.4.12-7.18.1 is installed OR openldap2-back-meta-2.4.12-7.18.1 is installed OR openldap2-client-2.4.12-7.18.1 is installed OR zlib-1.2.3-106.34 is installed OR zlib-32bit-1.2.3-106.34 is installed OR zlib-x86-1.2.3-106.34 is installed OR Package Information SUSE Linux Enterprise Server for SAP Applications 11 is installed AND libfreebl3-3.12.3.1-1.1.1 is installed OR libfreebl3-32bit-3.12.3.1-1.1.1 is installed OR libfreebl3-x86-3.12.8-1.2.1 is installed OR libldap-2_4-2-2.4.12-7.18.1 is installed OR libldap-2_4-2-32bit-2.4.12-7.18.1 is installed OR libldap-2_4-2-x86-2.4.12-7.19.1 is installed OR libneon27-0.28.3-2.12.1 is installed OR libneon27-32bit-0.28.3-2.12.1 is installed OR libneon27-x86-0.28.3-2.12.1 is installed OR mozilla-nspr-4.8.6-1.2.1 is installed OR mozilla-nspr-32bit-4.8.6-1.2.1 is installed OR mozilla-nspr-x86-4.8.6-1.2.1 is installed OR mozilla-nss-3.12.3.1-1.1.1 is installed OR mozilla-nss-32bit-3.12.3.1-1.1.1 is installed OR mozilla-nss-tools-3.12.3.1-1.1.1 is installed OR mozilla-nss-x86-3.12.8-1.2.1 is installed OR mutt-1.5.17-42.32.2 is installed OR neon-0.28.3-2.12.1 is installed OR openldap2-2.4.12-7.18.1 is installed OR openldap2-back-meta-2.4.12-7.18.1 is installed OR openldap2-client-2.4.12-7.18.1 is installed OR zlib-1.2.3-106.34 is installed OR zlib-32bit-1.2.3-106.34 is installed OR zlib-x86-1.2.3-106.34 is installed

BACK