Candidate: CVE-2009-3639
PublicDate: 2009-10-28 14:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3639
Description:
 The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2,
 when the dNSNameRequired TLS option is enabled, does not properly handle a
 '\0' character in a domain name in the Subject Alternative Name field of an
 X.509 client certificate, which allows remote attackers to bypass intended
 client-hostname restrictions via a crafted certificate issued by a
 legitimate Certification Authority, a related issue to CVE-2009-2408.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=530719
 http://bugs.proftpd.org/show_bug.cgi?id=3275
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_proftpd-dfsg:
upstream_proftpd-dfsg: released (1.3.2b-1)
dapper_proftpd-dfsg: DNE
hardy_proftpd-dfsg: ignored (reached end-of-life)
intrepid_proftpd-dfsg: needed (reached end-of-life)
jaunty_proftpd-dfsg: ignored (reached end-of-life)
karmic_proftpd-dfsg: ignored (reached end-of-life)
lucid_proftpd-dfsg: not-affected (1.3.2c-1)
maverick_proftpd-dfsg: not-affected (1.3.2c-1)
natty_proftpd-dfsg: not-affected (1.3.2c-1)
oneiric_proftpd-dfsg: not-affected (1.3.2c-1)
devel_proftpd-dfsg: not-affected (1.3.2c-1)