CVSS2: 5.1 Medium (AV:N/AC:H/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.014 Low (Percentile: 86.3%)

The Network Security Services (NSS) library before 3.12.3, as used in
Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and
other products support MD2 with X.509 certificates, which might allow
remote attackers to spoof certificates by using MD2 design flaws to
generate a hash collision in less than brute-force time. NOTE: the scope of
this issue is currently limited because the amount of computation required
is still large.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | gnutls12 | < 1.2.9-2ubuntu1.5 | UNKNOWN |
ubuntu | 8.04 | noarch | gnutls13 | < 2.0.4-1ubuntu2.5 | UNKNOWN |
ubuntu | 8.10 | noarch | gnutls26 | < 2.4.1-1ubuntu0.3 | UNKNOWN |
ubuntu | 9.04 | noarch | gnutls26 | < 2.4.2-5 | UNKNOWN |
ubuntu | 8.04 | noarch | nss | < 3.12.3.1-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | nss | < 3.12.3.1-0ubuntu0.8.10.1 | UNKNOWN |
ubuntu | 9.04 | noarch | nss | < 3.12.3.1-0ubuntu0.9.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | nss | < 3.12.3.1-0ubuntu1 | UNKNOWN |
ubuntu | 8.04 | noarch | openjdk-6 | < 6b18-1.8.2-4ubuntu1~8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | openjdk-6 | < 6b12-0ubuntu6.6 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2009-2409
nvd.nist.gov/vuln/detail/CVE-2009-2409
security-tracker.debian.org/tracker/CVE-2009-2409
ubuntu.com/security/notices/USN-809-1
ubuntu.com/security/notices/USN-810-1
ubuntu.com/security/notices/USN-830-1
ubuntu.com/security/notices/USN-859-1
www.cve.org/CVERecord?id=CVE-2009-2409