CVE-2009-2409

Impact: Moderate
Public Date: 2009-07-29
Bugzilla: 510197: CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)

The MITRE CVE dictionary describes this issue as:

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

Find out more about CVE-2009-2409 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score 2.6
Base Metrics AV:N/AC:H/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity High
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) RHSA-2009:1584 2009-11-16
Red Hat Enterprise Linux AS version 4 Extras (java-1.6.0-sun) RHSA-2009:1560 2009-11-09
Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-sun) RHSA-2009:1571 2009-11-10
Red Hat Enterprise Linux EUS (v. 5.2 server) (nss) RHSA-2009:1207 2009-08-12
Red Hat Enterprise Linux AS version 4 Extras (java-1.5.0-sun) RHSA-2009:1571 2009-11-10
Red Hat Enterprise Linux 3 (openssl) RHSA-2010:0163 2010-03-25
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-sun) RHSA-2009:1560 2009-11-09
Red Hat Enterprise Linux Extended Update Support 4.7 (nss) RHSA-2009:1190 2009-07-31
Red Hat Satellite 5.1 (RHEL v.4 AS) (java-1.5.0-sun) RHSA-2009:1662 2009-12-11
Red Hat Enterprise Linux 5 (nss) RHSA-2009:1186 2009-07-30
Red Hat Enterprise Linux 4 (openssl) RHSA-2010:0163 2010-03-25
Red Hat Enterprise Linux 3 (seamonkey) RHSA-2009:1432 2009-09-09
Red Hat Enterprise Linux 5 (gnutls) RHSA-2010:0166 2010-03-25
Red Hat Enterprise Linux 4 (nss) RHSA-2009:1184 2009-07-30
Red Hat Enterprise Linux 5 (openssl) RHSA-2010:0054 2010-01-20


CVE description copyright © 2017, The MITRE Corporation
