{"id":"CVE-2009-3639","details":"The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","modified":"2026-01-27T04:10:01.861470Z","published":"2009-10-28T14:30:00Z","withdrawn":"2026-01-27T04:10:01.861470Z","related":["openSUSE-SU-2024:10048-1"],"references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/37131"},{"type":"ADVISORY","url":"http://secunia.com/advisories/37219"},{"type":"ADVISORY","url":"http://www.debian.org/security/2009/dsa-1925"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:288"},{"type":"FIX","url":"http://www.securityfocus.com/bid/36804"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=530719"},{"type":"WEB","url":"http://bugs.proftpd.org/show_bug.cgi?id=3275"},{"type":"WEB","url":"http://marc.info/?l=oss-security&m=125630966510672&w=2"},{"type":"WEB","url":"http://marc.info/?l=oss-security&m=125632960508211&w=2"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/53936"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00642.html"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00649.html"}],"schema_version":"1.7.3"}