Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
Informations
Name MS09-056 First vendor Publication 2009-10-13
Vendor Microsoft Last vendor Modification 2009-10-13
Severity (Vendor) Important Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: Bulletin published.Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-310 Cryptographic Issues
50 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5842
 
Oval ID: oval:org.mitre.oval:def:5842
Title: Null Truncation in X.509 Common Name Vulnerability
Description: The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2510
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft ASN.1 Library
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6186
 
Oval ID: oval:org.mitre.oval:def:6186
Title: Integer Overflow in X.509 Object Identifiers Vulnerability
Description: Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-2511
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft ASN.1 Library
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 3
Os 1
Os 1
Os 11
Os 4
Os 4

OpenVAS Exploits

Date Description
2009-10-14 Name : Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)
File : nvt/secpod_ms09-056.nasl
2009-10-06 Name : Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09
File : nvt/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
58856 Microsoft Windows CryptoAPI X.509 Certificate Object Identifier Handling Over...

58855 Microsoft Windows CryptoAPI X.509 Certificate Common Name Null Truncation Spo...

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-15 IAVM : 2009-A-0095 - Multiple Vulnerabilities in Microsoft Windows CryptoAPI
Severity : Category I - VMSKEY : V0021760

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows CryptoAPI common name spoofing attempt
RuleID : 24490 - Revision : 4 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows CryptoAPI common name spoofing attempt
RuleID : 24489 - Revision : 4 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows CryptoAPI common name spoofing attempt
RuleID : 24488 - Revision : 4 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows CryptoAPI ASN.1 integer overflow attempt
RuleID : 16181 - Revision : 10 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2009-12-01 Name : A client application installed on the remote Windows host is affected by a ma...
File : citrix_ica_client_ssl_mitm.nasl - Type : ACT_GATHER_INFO
2009-10-13 Name : Certain identity validation methods may be bypassed allowing impersonation.
File : smb_nt_ms09-056.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-02-17 11:46:21
  • Multiple Updates
2014-01-19 21:30:23
  • Multiple Updates
2013-11-11 12:41:13
  • Multiple Updates