MDVSA-2009:203-1Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2009:203-1 | First vendor Publication | 2009-12-04 |
| Vendor | Mandriva | Last vendor Modification | 2009-12-04 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
A vulnerability has been found and corrected in curl: lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2417). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:203-1 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-310 | Cryptographic Issues |
| CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:8458 | |||
| Oval ID: | oval:org.mitre.oval:def:8458 | ||
| Title: | VMware Network Security Services (NSS) does not properly handle '\0' character | ||
| Description: | Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2408 |
Version: | 2 |
| Platform(s): | VMWare ESX Server 4 |
Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:10751 | |||
| Oval ID: | oval:org.mitre.oval:def:10751 | ||
| Title: | Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. | ||
| Description: | Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2408 |
Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 |
Product(s): | |
| Definition Synopsis: | |||
|
|||
| Definition Id: oval:org.mitre.oval:def:8542 | |||
| Oval ID: | oval:org.mitre.oval:def:8542 | ||
| Title: | VMware curl vulnerability | ||
| Description: | lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2417 |
Version: | 2 |
| Platform(s): | VMWare ESX Server 4 |
Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:10114 | |||
| Oval ID: | oval:org.mitre.oval:def:10114 | ||
| Title: | lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||
| Description: | lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2417 |
Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 |
Product(s): | |
| Definition Synopsis: | |||
|
|||
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 62879 | SSH Tectia Audit Player X.509 Certificate Authority (CA) Common Name Null Byt... |
| 56994 | cURL/libcURL w/ OpenSSL X.509 Certificate Authority (CA) Common Name Null Byt... |
| 56723 | Mozilla Multiple Products Certificate Authority (CA) Common Name Null Byte Ha... |
(High)
(Medium)
