CVE-2009-3767

Related Files

Gentoo Linux Security Advisory 201406-36

Posted Jul 1, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-36 - Multiple vulnerabilities were found in OpenLDAP, allowing for Denial of Service or a man-in-the-middle attack. Versions less than 2.4.35 are affected.

tags | advisory, denial of service, vulnerability

systems | linux, gentoo

advisories | CVE-2009-3767, CVE-2010-0211, CVE-2010-0212, CVE-2011-1024, CVE-2011-1025, CVE-2011-1081, CVE-2011-4079, CVE-2012-1164, CVE-2012-2668

SHA-256 | 42774738976bd9d080b8893ce307ab134ab715b79f71571a7a4bb8a11e479e75

Download | Favorite | View

Red Hat Security Advisory 2011-0896-01

Posted Jun 24, 2011

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0896-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.

tags | advisory, web, vulnerability, xss

systems | linux, redhat

advisories | CVE-2008-7270, CVE-2009-3245, CVE-2009-3560, CVE-2009-3720, CVE-2009-3767, CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-3718, CVE-2010-4172, CVE-2010-4180, CVE-2011-0013, CVE-2011-0419

SHA-256 | afb754e948ecb997661a2640f0ff3042c01bce970a3e081cc14ecea1dd6901bc

Download | Favorite | View

VMware Security Advisory 2010-0015

Posted Sep 30, 2010

Authored by VMware | Site vmware.com

VMware Security Advisory 2010-0015 - ESX 4.0 Console OS (COS) updates for NSS_db, OpenLDAP, cURL, sudo OpenSSL, GnuTLS, NSS and NSPR packages.

tags | advisory

advisories | CVE-2009-2409, CVE-2009-3245, CVE-2009-3555, CVE-2009-3767, CVE-2010-0433, CVE-2010-0734, CVE-2010-0826, CVE-2010-1646

SHA-256 | fdad8c6c91e0eabfe81a21d19d5f5d5ed52fdc1c4de978eea683eae1e3131b79

Download | Favorite | View

Mandriva Linux Security Advisory 2010-026

Posted Jan 27, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-026 - libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not properly handle a \\'\\0\\' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, spoof

systems | linux, mandriva

advisories | CVE-2009-3767

SHA-256 | d24aa6b26a33a379ee5a3aeb6a16a1856818804de3fa37eae392f97c6825290a

Download | Favorite | View

Debian Linux Security Advisory 1943-1

Posted Dec 3, 2009

Authored by Debian | Site debian.org

Debian Linux Security Advisory 1943-1 - It was discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

tags | advisory, arbitrary, spoof, protocol

systems | linux, debian

advisories | CVE-2009-3767

SHA-256 | 51089e82cdb37535b632168d923a1d7d96c2ea14a23c7475f565b440dedd4510

Download | Favorite | View

Ubuntu Security Notice 858-1

Posted Nov 17, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 858-1 - It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory, remote

systems | linux, ubuntu

advisories | CVE-2009-3767

SHA-256 | a6024a3110c743272fbf0c499c8ca74b5389d0e98c503beef7f5a6a43719f0ed

Download | Favorite | View