
Subject Alternative Name

fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666)

                                                        char *p1 = (char *)gn->d.ia5->data;
                                                        char *p2 = _ssl_server_cname;
+                                                       /* Name contains embedded NUL characters, so we complain. This
+                                                        * is likely a certificate spoofing attack. */
+                                                       if ((size_t)gn->d.ia5->length != strlen(p1)) {
+                                                               report(stderr, GT_("Bad certificate: Subject Alternative Name contains NUL, aborting!\n"));
+                                                               sk_GENERAL_NAME_free(gens);
+                                                               return 0;
+                                                       }
                                                        if (outlevel >= O_VERBOSE)
                                                                report(stderr, "Subject Alternative Name: %s\n", p1);
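
Review bot: the NUL check at "if ((size_t)gn->d.ia5->length != strlen(p1))" relies on strlen() finding a terminator in the ia5 data, so it is only safe if that buffer is always NUL-terminated at or after length bytes. A bounded test such as memchr(p1, '\0', gn->d.ia5->length) reaches the same decision without reading past the declared length. On the abort path, sk_GENERAL_NAME_free(gens) releases the stack itself but not the GENERAL_NAME entries it holds; if gens owns those entries, sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free) avoids leaking them. The error message would also be more useful in logs if it named the server being checked (_ssl_server_cname).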

[ MDVSA-2009:330 ] kdelibs

 KDE Konqueror allows remote attackers to cause a denial of service
 (memory consumption) via a large integer value for the length property
 of a Select object, a related issue to CVE-2009-1692. (CVE-2009-2537)
 
 KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
 '\0' (NUL) character in a domain name in the Subject Alternative Name
 field of an X.509 certificate, which allows man-in-the-middle attackers
 to spoof arbitrary SSL servers via a crafted certificate issued by a
 legitimate Certification Authority, a related issue to CVE-2009-2408
 (CVE-2009-2702).
 

[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities

CVE-2009-2700

qt4-x11 does not properly handle a '\0' character in a domain name in the
Subject Alternative Name field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.




[SECURITY] [DSA 1916-1] New kdelibs packages fix SSL certificate verification weakness

Debian bug     : 546212
CVE ID         : CVE-2009-2702

Dan Kaminsky and Moxie Marlinspike discovered that kdelibs, core libraries from
the official KDE release, does not properly handle a '\0' character in a domain
name in the Subject Alternative Name field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.


For the oldstable distribution (etch), this problem has been fixed in

[ MDVSA-2011:162 ] kdelibs4

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in kdelibs4:
 
 KDE KSSL in kdelibs does not properly handle a '\0' (NUL)
 character in a domain name in the Subject Alternative Name field of
 an X.509 certificate, which allows man-in-the-middle attackers to
 spoof arbitrary SSL servers via a crafted certificate issued by a
 legitimate Certification Authority, a related issue to CVE-2009-2408
 (CVE-2009-2702).
 

[ MDVSA-2010:079 ] irssi

 Multiple vulnerabilities have been found and corrected in irssi:
 
 Irssi before 0.8.15, when SSL is used, does not verify that the server
 hostname matches a domain name in the subject's Common Name (CN)
 field or a Subject Alternative Name field of the X.509 certificate,
 which allows man-in-the-middle attackers to spoof IRC servers via an
 arbitrary certificate (CVE-2010-1155).
 
 core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause
 a denial of service (NULL pointer dereference and application crash)

[USN-829-1] Qt vulnerability

the necessary changes.

Details follow:

It was discovered that Qt did not properly handle certificates with NULL
characters in the Subject Alternative Name field of X.509 certificates. An
attacker could exploit this to perform a man in the middle attack to view
sensitive information or alter encrypted communications. (CVE-2009-2700)


Updated packages for Ubuntu 8.04 LTS:

[SECURITY] [DSA 1925-1] New proftpd-dfsg packages fix SSL certificate verification weakness

Debian-specific: no
CVE Id         : CVE-2009-3639

It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon,
does not properly handle a '\0' character in a domain name in the
Subject Alternative Name field of an X.509 client certificate, when the
dNSNameRequired TLS option is enabled.


For the stable distribution (lenny), this problem has been fixed in
version 1.3.1-17lenny4.

[SECURITY] [DSA 1935-1] New gnutls23/gnutls26 packages fix SSL certificate verification weakness

CVE Ids        : CVE-2009-2409 CVE-2009-2730


Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of
the TLS/SSL protocol, does not properly handle a '\0' character in a domain name
in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509
certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL
servers via a crafted certificate issued by a legitimate Certification
Authority. (CVE-2009-2730)

In addition, with this update, certificates with MD2 hash signatures are no

[USN-833-1] KDE-Libs vulnerability

the necessary changes.

Details follow:

It was discovered that KDE did not properly handle certificates with NULL
characters in the Subject Alternative Name field of X.509 certificates. An
attacker could exploit this to perform a man in the middle attack to view
sensitive information or alter encrypted communications.


Updated packages for Ubuntu 8.04 LTS:

[ MDVSA-2009:225 ] qt4

 A vulnerability has been found and corrected in qt4:
 
 src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x
 does not properly handle a '\0' character in a domain name in the
 Subject Alternative Name field of an X.509 certificate, which allows
 man-in-the-middle attackers to spoof arbitrary SSL servers via a
 crafted certificate issued by a legitimate Certification Authority,
 a related issue to CVE-2009-2408 (CVE-2009-2700).
 
 This update provides a solution to this vulnerability.

[ MDVSA-2010:027 ] kdelibs4

 Multiple vulnerabilities were discovered and corrected in kdelibs4:
 
 KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
 '\0' (NUL) character in a domain name in the Subject Alternative
 Name field of an X.509 certificate, which allows man-in-the-middle
 attackers to spoof arbitrary SSL servers via a crafted certificate
 issued by a legitimate Certification Authority, a related issue to
 CVE-2009-2408 (CVE-2009-2702).
 
 The JavaScript garbage collector in WebKit in Apple Safari before

[ MDVSA-2010:028 ] kdelibs4

 Multiple vulnerabilities were discovered and corrected in kdelibs4:
 
 KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
 '\0' (NUL) character in a domain name in the Subject Alternative
 Name field of an X.509 certificate, which allows man-in-the-middle
 attackers to spoof arbitrary SSL servers via a crafted certificate
 issued by a legitimate Certification Authority, a related issue to
 CVE-2009-2408 (CVE-2009-2702).
 
 KDE Konqueror allows remote attackers to cause a denial of service


