Summary: | <net-libs/gnutls-2.8.3: X.509 \0 in CN/SAN spoofing vulnerabilities (CVE-2009-2730) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | crypto+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://article.gmane.org/gmane.network.gnutls.general/1733 | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 275695 | ||
Bug Blocks: |
Description
Alex Legler (RETIRED)
2009-08-12 15:56:41 UTC
CVE-2009-2730 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2730): libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. AFAIK a lot of software (e.g. rsyslogd) uses gnutls. That's why, I vote YES. YES too, request filed. This issue was resolved and addressed in GLSA 201206-18 at http://security.gentoo.org/glsa/glsa-201206-18.xml by GLSA coordinator Sean Amoss (ackle). |