CVE-2009-2666

Name of the Vulnerable Software and Affected Versions fetchmail versions prior to 6.3.11

Description The issue arises from improper handling of a '0' character in a domain name within the subject's Common Name (CN) field of an X.509 certificate in socket.c. This allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Recommendations For versions prior to 6.3.11, update to version 6.3.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of SSL connections to trusted servers until the update is applied.