QwikSec

Security Database

CVE

CWE

Training

CVE-2009-3767

Published: Oct 23, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2010-0752

vendor-advisory

x_refsource_FEDORA

[oss-security] 20090923 Re: More CVE-2009-2408 like issues

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_GENTOO

oval:org.mitre.oval:def:11178

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

oval:org.mitre.oval:def:7274

vdb-entry

signature

x_refsource_OVAL

http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.11&f=h

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

SUSE-SR:2009:016

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

APPLE-SA-2009-11-09-1

vendor-advisory

x_refsource_APPLE

http://support.apple.com/kb/HT3937

x_refsource_CONFIRM

[oss-security] 20090903 More CVE-2009-2408 like issues

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.