Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a 0 character in a domain name in the (1) subjects Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Msmtp | Martin_lambers | * | 1.4.18 (including) |
| Msmtp | Martin_lambers | 0.2.5 (including) | 0.2.5 (including) |
| Msmtp | Martin_lambers | 0.2.6 (including) | 0.2.6 (including) |
| Msmtp | Martin_lambers | 0.3.0 (including) | 0.3.0 (including) |
| Msmtp | Martin_lambers | 0.3.1 (including) | 0.3.1 (including) |
| Msmtp | Martin_lambers | 0.4.0 (including) | 0.4.0 (including) |
| Msmtp | Martin_lambers | 0.4.1 (including) | 0.4.1 (including) |
| Msmtp | Martin_lambers | 0.4.2 (including) | 0.4.2 (including) |
| Msmtp | Martin_lambers | 0.5.0 (including) | 0.5.0 (including) |
| Msmtp | Martin_lambers | 0.5.1 (including) | 0.5.1 (including) |
| Msmtp | Martin_lambers | 0.5.2 (including) | 0.5.2 (including) |
| Msmtp | Martin_lambers | 0.5.3 (including) | 0.5.3 (including) |
| Msmtp | Martin_lambers | 0.6.0 (including) | 0.6.0 (including) |
| Msmtp | Martin_lambers | 0.6.1 (including) | 0.6.1 (including) |
| Msmtp | Martin_lambers | 0.6.2 (including) | 0.6.2 (including) |
| Msmtp | Martin_lambers | 0.6.3 (including) | 0.6.3 (including) |
| Msmtp | Martin_lambers | 0.6.4 (including) | 0.6.4 (including) |
| Msmtp | Martin_lambers | 0.6.5 (including) | 0.6.5 (including) |
| Msmtp | Martin_lambers | 0.6.6 (including) | 0.6.6 (including) |
| Msmtp | Martin_lambers | 0.7.0 (including) | 0.7.0 (including) |
| Msmtp | Martin_lambers | 0.7.1 (including) | 0.7.1 (including) |
| Msmtp | Martin_lambers | 0.7.2 (including) | 0.7.2 (including) |
| Msmtp | Martin_lambers | 1.0.0 (including) | 1.0.0 (including) |
| Msmtp | Martin_lambers | 1.2.0 (including) | 1.2.0 (including) |
| Msmtp | Martin_lambers | 1.2.1 (including) | 1.2.1 (including) |
| Msmtp | Martin_lambers | 1.2.2 (including) | 1.2.2 (including) |
| Msmtp | Martin_lambers | 1.2.3 (including) | 1.2.3 (including) |
| Msmtp | Martin_lambers | 1.2.4 (including) | 1.2.4 (including) |
| Msmtp | Martin_lambers | 1.4.0 (including) | 1.4.0 (including) |
| Msmtp | Martin_lambers | 1.4.1 (including) | 1.4.1 (including) |
| Msmtp | Martin_lambers | 1.4.2 (including) | 1.4.2 (including) |
| Msmtp | Martin_lambers | 1.4.3 (including) | 1.4.3 (including) |
| Msmtp | Martin_lambers | 1.4.4 (including) | 1.4.4 (including) |
| Msmtp | Martin_lambers | 1.4.5 (including) | 1.4.5 (including) |
| Msmtp | Martin_lambers | 1.4.6 (including) | 1.4.6 (including) |
| Msmtp | Martin_lambers | 1.4.7 (including) | 1.4.7 (including) |
| Msmtp | Martin_lambers | 1.4.8 (including) | 1.4.8 (including) |
| Msmtp | Martin_lambers | 1.4.9 (including) | 1.4.9 (including) |
| Msmtp | Martin_lambers | 1.4.10 (including) | 1.4.10 (including) |
| Msmtp | Martin_lambers | 1.4.11 (including) | 1.4.11 (including) |
| Msmtp | Martin_lambers | 1.4.12 (including) | 1.4.12 (including) |
| Msmtp | Martin_lambers | 1.4.13 (including) | 1.4.13 (including) |
| Msmtp | Martin_lambers | 1.4.14 (including) | 1.4.14 (including) |
| Msmtp | Martin_lambers | 1.4.15 (including) | 1.4.15 (including) |
| Msmtp | Martin_lambers | 1.4.16 (including) | 1.4.16 (including) |
| Msmtp | Martin_lambers | 1.4.17 (including) | 1.4.17 (including) |
| Msmtp | Ubuntu | dapper | * |
| Msmtp | Ubuntu | hardy | * |
| Msmtp | Ubuntu | intrepid | * |
| Msmtp | Ubuntu | jaunty | * |
| Msmtp | Ubuntu | karmic | * |
| Msmtp | Ubuntu | maverick | * |
| Msmtp | Ubuntu | natty | * |
| Msmtp | Ubuntu | oneiric | * |
| Msmtp | Ubuntu | quantal | * |
| Msmtp | Ubuntu | raring | * |
| Msmtp | Ubuntu | saucy | * |
| Msmtp | Ubuntu | upstream | * |