Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 281224 (CVE-2009-2730) - <net-libs/gnutls-2.8.3: X.509 \0 in CN/SAN spoofing vulnerabilities (CVE-2009-2730)
Summary: <net-libs/gnutls-2.8.3: X.509 \0 in CN/SAN spoofing vulnerabilities (CVE-2009...
Alias: CVE-2009-2730
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa]
Depends on: 275695
  Show dependency tree
Reported: 2009-08-12 15:56 UTC by Alex Legler (RETIRED)
Modified: 2012-06-23 14:41 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-12 15:56:41 UTC
From $URL:

** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
into 1) not printing the entire CN/SAN field value when printing a
certificate and 2) cause incorrect positive matches when matching a
hostname against a certificate.  Some CAs apparently have poor
checking of CN/SAN values and issue these (arguable invalid)
certificates.  Combined, this can be used by attackers to become a
MITM on server-authenticated TLS sessions.  The problem is mitigated
since attackers needs to get one certificate per site they want to
attack, and the attacker reveals his tracks by applying for a
certificate at the CA.  It does not apply to client authenticated TLS
sessions.  Research presented independently by Dan Kaminsky and Moxie
Marlinspike at BlackHat09.  Thanks to Tomas Hoger <thoger <at>>
for providing one part of the patch.  [GNUTLS-SA-2009-4].
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-12 16:09:24 UTC
CVE-2009-2730 (
  libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0'
  character in a domain name in the subject's (1) Common Name (CN) or
  (2) Subject Alternative Name (SAN) field of an X.509 certificate,
  which allows man-in-the-middle attackers to spoof arbitrary SSL
  servers via a crafted certificate issued by a legitimate
  Certification Authority.

Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-06 23:04:16 UTC
AFAIK a lot of software (e.g. rsyslogd) uses gnutls. That's why, I vote YES.
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2010-08-14 14:24:04 UTC
YES too, request filed.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-06-23 14:41:11 UTC
This issue was resolved and addressed in
 GLSA 201206-18 at
by GLSA coordinator Sean Amoss (ackle).