Red Hat Bugzilla – Bug 520454
CVE-2009-3490 wget: incorrect verification of SSL certificate with NUL in name
Last modified: 2012-03-23 06:31:26 EDT
A method to bypass SSL certificate name vs. host name verification via NUL
('\0') character embedded in X509 certificate's CommonName or subjectAltName
was presented at Black Hat USA 2009:
Similar problem affected wget (from a testing and very quick look at the code, subjectAltNames are not supported, hence only CommonName is a vector).
Upstream bug report:
http://savannah.gnu.org/bugs/?27183 (currently not public)
Contents of upstream bug report, leaked via wget-notify list:
wget 1.12 was released including this fix:
This issue has been addressed in following products:
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
Via RHSA-2009:1549 https://rhn.redhat.com/errata/RHSA-2009-1549.html
wget-1.12-1.fc11 has been submitted as an update for Fedora 11.
wget-1.12-1.fc12 has been submitted as an update for Fedora 12.
wget-1.12-1.fc10 has been submitted as an update for Fedora 10.
wget-1.12-2.fc12 has been submitted as an update for Fedora 12.
wget-1.12-2.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
wget-1.12-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
wget-1.12-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.