CVE-2009-3767
OpenLDAP: Doesn't properly handle NULL character in subject Common Name
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
libraries/libldap/tls_o.c en OpenLDAP, cuando se usa OpenSSL, no maneja de forma adecuada el caracter '\0' en un nombre de dominio, dentro del campo sujeto del Common Name (CN) en los certificados X.509, lo
que permite a atacantes man-in-the-middle, espíar servidores SSL de su elección a través de certificados manipulados concedidos por Autoridades Certificadoras, esta relacionado con CVE-2009-2408.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-10-23 CVE Reserved
- 2009-10-23 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (18)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=oss-security&m=125198917018936&w=2 | Mailing List | |
| http://marc.info/?l=oss-security&m=125369675820512&w=2 | Mailing List | |
| http://secunia.com/advisories/38769 | Third Party Advisory | |
| http://secunia.com/advisories/40677 | Third Party Advisory | |
| http://support.apple.com/kb/HT3937 | Broken Link |
|
| http://www.vupen.com/english/advisories/2009/3056 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2010/1858 | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11178 | Signature | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7274 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.11&f=h | 2020-10-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | < 2.4.18 Search vendor "Openldap" for product "Openldap" and version " < 2.4.18" | - |
Affected
| in | Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | * | - |
Safe
|
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | < 10.6.2 Search vendor "Apple" for product "Mac Os X" and version " < 10.6.2" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 11 Search vendor "Fedoraproject" for product "Fedora" and version "11" | - |
Affected
| ||||||