Vulnerability CVE-2009-3639

Vulnerability Name:

CVE-2009-3639 (CCN-53936)

Assigned:

2009-10-20

Published:

2009-10-20

Updated:

2017-08-17

Summary:

The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-310

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: Proftp.org Bugzilla Bug 3275
Improper SSL/TLS certificate subjectAltName verification

Source: CONFIRM
Type: UNKNOWN
http://bugs.proftpd.org/show_bug.cgi?id=3275

Source: MITRE
Type: CNA
CVE-2009-3639

Source: MLIST
Type: UNKNOWN
[oss-security] 20091023 proftpd - mod_tls - Improper SSL/TLS certificate subjectAltName verification

Source: MLIST
Type: UNKNOWN
[oss-security] 20091023 Re: proftpd - mod_tls - Improper SSL/TLS certificate subjectAltName verification

Source: CCN
Type: SA36093
Network Security Services Multiple Vulnerabilities

Source: CCN
Type: SA37131
ProFTPD SSL Certificate NULL Character Processing Security Issue

Source: SECUNIA
Type: Vendor Advisory
37131

Source: SECUNIA
Type: UNKNOWN
37219

Source: DEBIAN
Type: UNKNOWN
DSA-1925

Source: DEBIAN
Type: DSA-1925
proftpd-dfsg -- insufficient input validation

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:288

Source: CCN
Type: ProFTPD Web site
ProFTPD - Highly configurable GPL-licensed FTP server software

Source: BID
Type: Patch
36804

Source: CCN
Type: BID-36804
ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

Source: CONFIRM
Type: Patch
https://bugzilla.redhat.com/show_bug.cgi?id=530719

Source: XF
Type: UNKNOWN
proftpd-modtls-security-bypass(53936)

Source: XF
Type: UNKNOWN
proftpd-modtls-security-bypass(53936)

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-11649

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-11666

Vulnerable Configuration:

Configuration 1:

cpe:/a:proftpd:proftpd:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:*:a:*:*:*:*:*:* (Version <= 1.3.2)

OR cpe:/a:proftpd:proftpd:1.3.2:rc1:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.2:rc2:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.2:rc4:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.3:rc1:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:proftpd:proftpd:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.2:rc2:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.2:rc1:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.2:rc4:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.2:a:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.3:rc1:*:*:*:*:*:*

AND

cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:113175	P	proftpd-1.3.5b-2.5 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106597	P	proftpd-1.3.5b-2.5 on GA media (Moderate)	2021-10-01
oval:org.mitre.oval:def:7684	P	DSA-1925 proftpd-dfsg -- insufficient input validation	2014-06-23
oval:org.mitre.oval:def:13366	P	DSA-1925-1 proftpd-dfsg -- insufficient input validation	2014-06-23
oval:org.debian:def:1925	V	insufficient input validation	2009-10-31

BACK