exploits , vulnerabilities , articles , ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

Title	ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
Published	2009-10-23-12:00AM
Updated	2009-10-23-08:58PM
Class	Design Error
CVE	CVE-2009-3639
Remote	Yes
Local	No
Credit	TJ Saunders
Vulnerable	ProFTPD Project ProFTPD 1.3.2 rc3 ProFTPD Project ProFTPD 1.3.2 rc2 ProFTPD Project ProFTPD 1.3.2 ProFTPD Project ProFTPD 1.3.1 ProFTPD Project ProFTPD 1.3 rc3 ProFTPD Project ProFTPD 1.3 a ProFTPD Project ProFTPD 1.3 .0rc2 ProFTPD Project ProFTPD 1.3 .0rc1 ProFTPD Project ProFTPD 1.3 ProFTPD Project ProFTPD 1.2.10 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia64 Debian Linux 3.1 ia32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 ProFTPD Project ProFTPD 1.2.9 rc3 ProFTPD Project ProFTPD 1.2.9 rc2 ProFTPD Project ProFTPD 1.2.9 rc1 ProFTPD Project ProFTPD 1.2.9 MandrakeSoft Linux Mandrake 10.0 OpenPKG OpenPKG 2.0 OpenPKG OpenPKG 1.3 OpenPKG OpenPKG Current Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux current ProFTPD Project ProFTPD 1.2.8 rc2 ProFTPD Project ProFTPD 1.2.8 rc1 ProFTPD Project ProFTPD 1.2.8 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux current ProFTPD Project ProFTPD 1.2.7 rc3 ProFTPD Project ProFTPD 1.2.7 rc2 ProFTPD Project ProFTPD 1.2.7 rc1 ProFTPD Project ProFTPD 1.2.7 Sun Cobalt Qube 3 ProFTPD Project ProFTPD 1.2.6 ProFTPD Project ProFTPD 1.2.5 rc1 ProFTPD Project ProFTPD 1.2.5 ProFTPD Project ProFTPD 1.2.4 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia64 Debian Linux 3.0 ia32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 ProFTPD Project ProFTPD 1.2.3 ProFTPD Project ProFTPD 1.2.2 rc3 ProFTPD Project ProFTPD 1.2.2 rc1 ProFTPD Project ProFTPD 1.2.2 ProFTPD Project ProFTPD 1.2.1 ProFTPD Project ProFTPD 1.2 pre9 ProFTPD Project ProFTPD 1.2 pre8 ProFTPD Project ProFTPD 1.2 pre7 ProFTPD Project ProFTPD 1.2 pre6 ProFTPD Project ProFTPD 1.2 pre5 ProFTPD Project ProFTPD 1.2 pre4 ProFTPD Project ProFTPD 1.2 pre3 ProFTPD Project ProFTPD 1.2 pre2 ProFTPD Project ProFTPD 1.2 pre11 ProFTPD Project ProFTPD 1.2 pre10 ProFTPD Project ProFTPD 1.2 pre1 ProFTPD Project ProFTPD 1.2 .0rc3 Conectiva Linux 7.0 Conectiva Linux 6.0 Conectiva Linux 5.1 Conectiva Linux 5.0 Conectiva Linux graficas Conectiva Linux ecommerce MandrakeSoft Linux Mandrake 8.1 ia64 MandrakeSoft Linux Mandrake 8.1 MandrakeSoft Linux Mandrake 8.0 ppc MandrakeSoft Linux Mandrake 8.0 MandrakeSoft Linux Mandrake 7.2 ProFTPD Project ProFTPD 1.2 .0rc2 ProFTPD Project ProFTPD 1.2 .0rc1 ProFTPD Project ProFTPD 1.2 Cobalt Qube 3.0 Cobalt Qube 2.0 Cobalt RaQ 3.0 Cobalt RaQ 2.0 Cobalt RaQ 1.1
Not Vulnerable	ProFTPD Project ProFTPD 1.3.3 rc2 ProFTPD Project ProFTPD 1.3.2b
Code	Attackers use man-in-the-middle attacks to exploit this issue.
TXT

Vulnerabilities - newest 10 RSS | More

2009-11-24 Subscribe to Comments WordPress Plugin Multiple Unspecified Input Validation Vulnerabilities
2009-11-24 RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
2009-11-24 Cacti Multiple HTML Injection Vulnerabilities
2009-11-24 Philippe Jounin Tftpd32 Connect Frame Denial Of Service Vulnerability
2009-11-24 Microsoft Internet Explorer PDF Generation Information Disclosure Vulnerability
2009-11-23 WordPress WP-Cumulus Plugin Cross-Site Scripting Vulnerability
2009-11-23 Fuctweb CapCC Plugin for WordPress CAPTCHA Security Bypass Vulnerability
2009-11-23 FireStats WordPress Plugin Multiple Cross Site Scripting and Authentication Bypass Vulnerabilities
2009-11-23 WP Contact Form WordPress Plugin Multiple HTML Injection Vulnerabilities
2009-11-23 WP Contact Form WordPress Plugin Security Bypass and Multiple HTML Injection Vulnerabilities