CVE - CVE-2009-2409

CVE-ID
CVE-2009-2409	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1022631 URL:http://www.securitytracker.com/id?1022631 MISC:20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console URL:http://www.securityfocus.com/archive/1/515055/100/0/threaded MISC:36139 URL:http://secunia.com/advisories/36139 MISC:36157 URL:http://secunia.com/advisories/36157 MISC:36434 URL:http://secunia.com/advisories/36434 MISC:36669 URL:http://secunia.com/advisories/36669 MISC:36739 URL:http://secunia.com/advisories/36739 MISC:37386 URL:http://secunia.com/advisories/37386 MISC:42467 URL:http://secunia.com/advisories/42467 MISC:ADV-2009-2085 URL:~~http://www.vupen.com/english/advisories/2009/2085~~ (Obsolete source) MISC:ADV-2009-3184 URL:~~http://www.vupen.com/english/advisories/2009/3184~~ (Obsolete source) MISC:ADV-2010-3126 URL:~~http://www.vupen.com/english/advisories/2010/3126~~ (Obsolete source) MISC:APPLE-SA-2009-11-09-1 URL:http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html MISC:DSA-1874 URL:http://www.debian.org/security/2009/dsa-1874 MISC:DSA-1888 URL:https://www.debian.org/security/2009/dsa-1888 MISC:GLSA-200911-02 URL:http://security.gentoo.org/glsa/glsa-200911-02.xml MISC:GLSA-200912-01 URL:http://security.gentoo.org/glsa/glsa-200912-01.xml MISC:MDVSA-2009:197 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:197~~ (Obsolete source) MISC:MDVSA-2009:216 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:216~~ (Obsolete source) MISC:MDVSA-2009:258 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:258~~ (Obsolete source) MISC:MDVSA-2010:084 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:084~~ (Obsolete source) MISC:RHSA-2009:1207 URL:http://www.redhat.com/support/errata/RHSA-2009-1207.html MISC:RHSA-2009:1432 URL:http://www.redhat.com/support/errata/RHSA-2009-1432.html MISC:RHSA-2010:0095 URL:https://rhn.redhat.com/errata/RHSA-2010-0095.html MISC:USN-810-1 URL:http://www.ubuntu.com/usn/usn-810-1 MISC:USN-810-2 URL:https://usn.ubuntu.com/810-2/ MISC:[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released URL:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html MISC:[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released URL:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html MISC:http://java.sun.com/j2se/1.5.0/ReleaseNotes.html URL:http://java.sun.com/j2se/1.5.0/ReleaseNotes.html MISC:http://java.sun.com/javase/6/webnotes/6u17.html URL:http://java.sun.com/javase/6/webnotes/6u17.html MISC:http://support.apple.com/kb/HT3937 URL:http://support.apple.com/kb/HT3937 MISC:http://www.vmware.com/security/advisories/VMSA-2010-0019.html URL:http://www.vmware.com/security/advisories/VMSA-2010-0019.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409 URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409 MISC:oval:org.mitre.oval:def:10763 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763 MISC:oval:org.mitre.oval:def:6631 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631 MISC:oval:org.mitre.oval:def:7155 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155 MISC:oval:org.mitre.oval:def:8594 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594
Assigning CNA
Red Hat, Inc.
Date Record Created
20090709	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090709)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)