Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 281224 (CVE-2009-2730)

Summary: <net-libs/gnutls-2.8.3: X.509 \0 in CN/SAN spoofing vulnerabilities (CVE-2009-2730)
Product: Gentoo Security Reporter: Alex Legler (RETIRED) <a3li>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: crypto+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://article.gmane.org/gmane.network.gnutls.general/1733
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 275695    
Bug Blocks:    

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-12 15:56:41 UTC 
From $URL:

** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
into 1) not printing the entire CN/SAN field value when printing a
certificate and 2) cause incorrect positive matches when matching a
hostname against a certificate.  Some CAs apparently have poor
checking of CN/SAN values and issue these (arguable invalid)
certificates.  Combined, this can be used by attackers to become a
MITM on server-authenticated TLS sessions.  The problem is mitigated
since attackers needs to get one certificate per site they want to
attack, and the attacker reveals his tracks by applying for a
certificate at the CA.  It does not apply to client authenticated TLS
sessions.  Research presented independently by Dan Kaminsky and Moxie
Marlinspike at BlackHat09.  Thanks to Tomas Hoger <thoger <at> redhat.com>
for providing one part of the patch.  [GNUTLS-SA-2009-4].
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-12 16:09:24 UTC 
CVE-2009-2730 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2730):
  libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0'
  character in a domain name in the subject's (1) Common Name (CN) or
  (2) Subject Alternative Name (SAN) field of an X.509 certificate,
  which allows man-in-the-middle attackers to spoof arbitrary SSL
  servers via a crafted certificate issued by a legitimate
  Certification Authority.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-06 23:04:16 UTC 
AFAIK a lot of software (e.g. rsyslogd) uses gnutls. That's why, I vote YES.
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2010-08-14 14:24:04 UTC 
YES too, request filed.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-06-23 14:41:11 UTC 
This issue was resolved and addressed in
 GLSA 201206-18 at http://security.gentoo.org/glsa/glsa-201206-18.xml
by GLSA coordinator Sean Amoss (ackle).