libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
| Link | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409 | vdb entry signature |
| http://www.securitytracker.com/id?1022777 | vdb entry |
| http://www.vmware.com/security/advisories/VMSA-2009-0016.html | |
| http://www.openwall.com/lists/oss-security/2009/08/14/6 | mailing list |
| http://www.redhat.com/support/errata/RHSA-2009-1232.html | vendor advisory |
| http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html | vendor advisory |
| http://secunia.com/advisories/36496 | third party advisory |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778 | vdb entry signature |
| http://secunia.com/advisories/36266 | third party advisory vendor advisory |
| http://www.securityfocus.com/archive/1/507985/100/0/threaded | mailing list |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/52404 | vdb entry |
| https://rhn.redhat.com/errata/RHSA-2010-0095.html | vendor advisory |
| http://article.gmane.org/gmane.network.gnutls.general/1733 | vendor advisory |