Red Hat Bugzilla – Bug 516231
CVE-2009-2730 gnutls: incorrect verification of SSL certificate with NUL in name (GNUTLS-SA-2009-4)
Last modified: 2012-03-20 11:42:24 EDT
A method to bypass SSL certificate name vs. host name verification via NUL
('\0') character embedded in X509 certificate's CommonName or subjectAltName
was presented at Black Hat USA 2009:
This issue was originally reported for Firefox / NSS, but it affects GnuTLS' gnutls_x509_crt_check_hostname() too.
Note: 2.8.2 contains one unintended change, that can cause NULL defer crash and is already reverted in upstream git:
gnutls-2.6.6-2.fc11 has been submitted as an update for Fedora 11.
gnutls-2.4.2-4.fc10 has been submitted as an update for Fedora 10.
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1232 https://rhn.redhat.com/errata/RHSA-2009-1232.html
gnutls-2.6.6-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
gnutls-2.4.2-5.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.