CVE-2009-3639 : The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the

The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Published 2009-10-28 14:30:00

Updated 2017-08-17 01:31:13

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2009-3639

Proftpd » Proftpd » Update A
Versions up to, including, (<=) 1.3.2
cpe:2.3:a:proftpd:proftpd:*:a:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update RC1
cpe:2.3:a:proftpd:proftpd:1.3.2:rc1:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.1
cpe:2.3:a:proftpd:proftpd:1.3.1:*:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.3 Update RC1
cpe:2.3:a:proftpd:proftpd:1.3.3:rc1:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update RC2
cpe:2.3:a:proftpd:proftpd:1.3.2:rc2:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update RC4
cpe:2.3:a:proftpd:proftpd:1.3.2:rc4:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2
cpe:2.3:a:proftpd:proftpd:1.3.2:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2009-3639

Top countries where our scanners detected CVE-2009-3639

Top open port discovered on systems with this issue 21

IPs affected by CVE-2009-3639 46,128

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2009-3639!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2009-3639

EPSS FAQ

1.64%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-3639

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.8	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:P	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2009-3639

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-3639

https://exchange.xforce.ibmcloud.com/vulnerabilities/53936

ProFTPD mod_tls SSL certificate security bypass CVE-2009-3639 Vulnerability Report
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00649.html

[SECURITY] Fedora 10 Update: proftpd-1.3.2b-1.fc10
https://bugzilla.redhat.com/show_bug.cgi?id=530719

530719 – (CVE-2009-3639) CVE-2009-3639 ProFTPD: Doesn't properly handle NULL character in subjectAltName
Patch
http://www.securityfocus.com/bid/36804

Patch
http://marc.info/?l=oss-security&m=125630966510672&w=2

'[oss-security] proftpd - mod_tls - Improper SSL/TLS certificate subjectAltName verification' - MARC
http://www.debian.org/security/2009/dsa-1925

[SECURITY] [DSA 1925-1] New proftpd-dfsg packages fix SSL certificate verification weakness
http://www.mandriva.com/security/advisories?name=MDVSA-2009:288

Mandriva
http://marc.info/?l=oss-security&m=125632960508211&w=2

'Re: [oss-security] proftpd - mod_tls - Improper SSL/TLS certificate' - MARC
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00642.html

[SECURITY] Fedora 11 Update: proftpd-1.3.2b-1.fc11
http://bugs.proftpd.org/show_bug.cgi?id=3275

Bug 3275 – Improper SSL/TLS certificate subjectAltName verification