ID CVE-2009-2730
Summary libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
Vulnerable Configurations
  • GNU GnuTLS 1.0.16
    cpe:2.3:a:gnu:gnutls:1.0.16
  • GNU GnuTLS 1.0.17
    cpe:2.3:a:gnu:gnutls:1.0.17
  • GNU GnuTLS 1.0.18
    cpe:2.3:a:gnu:gnutls:1.0.18
  • GNU GnuTLS 1.0.19
    cpe:2.3:a:gnu:gnutls:1.0.19
  • GNU GnuTLS 1.0.20
    cpe:2.3:a:gnu:gnutls:1.0.20
  • GNU GnuTLS 1.0.21
    cpe:2.3:a:gnu:gnutls:1.0.21
  • GNU GnuTLS 1.0.22
    cpe:2.3:a:gnu:gnutls:1.0.22
  • GNU GnuTLS 1.0.23
    cpe:2.3:a:gnu:gnutls:1.0.23
  • GNU GnuTLS 1.0.24
    cpe:2.3:a:gnu:gnutls:1.0.24
  • GNU GnuTLS 1.0.25
    cpe:2.3:a:gnu:gnutls:1.0.25
  • GNU GnuTLS 1.1.13
    cpe:2.3:a:gnu:gnutls:1.1.13
  • GNU GnuTLS 1.1.14
    cpe:2.3:a:gnu:gnutls:1.1.14
  • GNU GnuTLS 1.1.15
    cpe:2.3:a:gnu:gnutls:1.1.15
  • GNU GnuTLS 1.1.16
    cpe:2.3:a:gnu:gnutls:1.1.16
  • GNU GnuTLS 1.1.17
    cpe:2.3:a:gnu:gnutls:1.1.17
  • GNU GnuTLS 1.1.18
    cpe:2.3:a:gnu:gnutls:1.1.18
  • GNU GnuTLS 1.1.19
    cpe:2.3:a:gnu:gnutls:1.1.19
  • GNU GnuTLS 1.1.20
    cpe:2.3:a:gnu:gnutls:1.1.20
  • GNU GnuTLS 1.1.21
    cpe:2.3:a:gnu:gnutls:1.1.21
  • GNU GnuTLS 1.1.22
    cpe:2.3:a:gnu:gnutls:1.1.22
  • GNU GnuTLS 1.1.23
    cpe:2.3:a:gnu:gnutls:1.1.23
  • GNU GnuTLS 1.2.0
    cpe:2.3:a:gnu:gnutls:1.2.0
  • GNU GnuTLS 1.2.1
    cpe:2.3:a:gnu:gnutls:1.2.1
  • GNU GnuTLS 1.2.2
    cpe:2.3:a:gnu:gnutls:1.2.2
  • GNU GnuTLS 1.2.3
    cpe:2.3:a:gnu:gnutls:1.2.3
  • GNU GnuTLS 1.2.4
    cpe:2.3:a:gnu:gnutls:1.2.4
  • GNU GnuTLS 1.2.5
    cpe:2.3:a:gnu:gnutls:1.2.5
  • GNU GnuTLS 1.2.6
    cpe:2.3:a:gnu:gnutls:1.2.6
  • GNU GnuTLS 1.2.7
    cpe:2.3:a:gnu:gnutls:1.2.7
  • GNU GnuTLS 1.2.8
    cpe:2.3:a:gnu:gnutls:1.2.8
  • GNU GnuTLS 1.2.8.1a1
    cpe:2.3:a:gnu:gnutls:1.2.8.1a1
  • GNU GnuTLS 1.2.9
    cpe:2.3:a:gnu:gnutls:1.2.9
  • GNU GnuTLS 1.2.10
    cpe:2.3:a:gnu:gnutls:1.2.10
  • GNU GnuTLS 1.2.11
    cpe:2.3:a:gnu:gnutls:1.2.11
  • GNU GnuTLS 1.3.0
    cpe:2.3:a:gnu:gnutls:1.3.0
  • GNU GnuTLS 1.3.1
    cpe:2.3:a:gnu:gnutls:1.3.1
  • GNU GnuTLS 1.3.2
    cpe:2.3:a:gnu:gnutls:1.3.2
  • GNU GnuTLS 1.3.3
    cpe:2.3:a:gnu:gnutls:1.3.3
  • GNU GnuTLS 1.3.4
    cpe:2.3:a:gnu:gnutls:1.3.4
  • GNU GnuTLS 1.3.5
    cpe:2.3:a:gnu:gnutls:1.3.5
  • GNU GnuTLS 1.4.0
    cpe:2.3:a:gnu:gnutls:1.4.0
  • GNU GnuTLS 1.4.1
    cpe:2.3:a:gnu:gnutls:1.4.1
  • GNU GnuTLS 1.4.2
    cpe:2.3:a:gnu:gnutls:1.4.2
  • GNU GnuTLS 1.4.3
    cpe:2.3:a:gnu:gnutls:1.4.3
  • GNU GnuTLS 1.4.4
    cpe:2.3:a:gnu:gnutls:1.4.4
  • GNU GnuTLS 1.4.5
    cpe:2.3:a:gnu:gnutls:1.4.5
  • GNU GnuTLS 1.5.0
    cpe:2.3:a:gnu:gnutls:1.5.0
  • GNU GnuTLS 1.5.1
    cpe:2.3:a:gnu:gnutls:1.5.1
  • GNU GnuTLS 1.5.2
    cpe:2.3:a:gnu:gnutls:1.5.2
  • GNU GnuTLS 1.5.3
    cpe:2.3:a:gnu:gnutls:1.5.3
  • GNU GnuTLS 1.5.4
    cpe:2.3:a:gnu:gnutls:1.5.4
  • GNU GnuTLS 1.5.5
    cpe:2.3:a:gnu:gnutls:1.5.5
  • GNU GnuTLS 1.6.0
    cpe:2.3:a:gnu:gnutls:1.6.0
  • GNU GnuTLS 1.6.1
    cpe:2.3:a:gnu:gnutls:1.6.1
  • GNU GnuTLS 1.6.2
    cpe:2.3:a:gnu:gnutls:1.6.2
  • GNU GnuTLS 1.6.3
    cpe:2.3:a:gnu:gnutls:1.6.3
  • GNU GnuTLS 1.7.0
    cpe:2.3:a:gnu:gnutls:1.7.0
  • GNU GnuTLS 1.7.1
    cpe:2.3:a:gnu:gnutls:1.7.1
  • GNU GnuTLS 1.7.2
    cpe:2.3:a:gnu:gnutls:1.7.2
  • GNU GnuTLS 1.7.3
    cpe:2.3:a:gnu:gnutls:1.7.3
  • GNU GnuTLS 1.7.4
    cpe:2.3:a:gnu:gnutls:1.7.4
  • GNU GnuTLS 1.7.5
    cpe:2.3:a:gnu:gnutls:1.7.5
  • GNU GnuTLS 1.7.6
    cpe:2.3:a:gnu:gnutls:1.7.6
  • GNU GnuTLS 1.7.7
    cpe:2.3:a:gnu:gnutls:1.7.7
  • GNU GnuTLS 1.7.8
    cpe:2.3:a:gnu:gnutls:1.7.8
  • GNU GnuTLS 1.7.9
    cpe:2.3:a:gnu:gnutls:1.7.9
  • GNU GnuTLS 1.7.10
    cpe:2.3:a:gnu:gnutls:1.7.10
  • GNU GnuTLS 1.7.11
    cpe:2.3:a:gnu:gnutls:1.7.11
  • GNU GnuTLS 1.7.12
    cpe:2.3:a:gnu:gnutls:1.7.12
  • GNU GnuTLS 1.7.13
    cpe:2.3:a:gnu:gnutls:1.7.13
  • GNU GnuTLS 1.7.14
    cpe:2.3:a:gnu:gnutls:1.7.14
  • GNU GnuTLS 1.7.15
    cpe:2.3:a:gnu:gnutls:1.7.15
  • GNU GnuTLS 1.7.16
    cpe:2.3:a:gnu:gnutls:1.7.16
  • GNU GnuTLS 1.7.17
    cpe:2.3:a:gnu:gnutls:1.7.17
  • GNU GnuTLS 1.7.18
    cpe:2.3:a:gnu:gnutls:1.7.18
  • GNU GnuTLS 1.7.19
    cpe:2.3:a:gnu:gnutls:1.7.19
  • GNU GnuTLS 2.0.0
    cpe:2.3:a:gnu:gnutls:2.0.0
  • GNU GnuTLS 2.0.1
    cpe:2.3:a:gnu:gnutls:2.0.1
  • GNU GnuTLS 2.0.2
    cpe:2.3:a:gnu:gnutls:2.0.2
  • GNU GnuTLS 2.0.3
    cpe:2.3:a:gnu:gnutls:2.0.3
  • GNU GnuTLS 2.0.4
    cpe:2.3:a:gnu:gnutls:2.0.4
  • GNU GnuTLS 2.1.0
    cpe:2.3:a:gnu:gnutls:2.1.0
  • GNU GnuTLS 2.1.1
    cpe:2.3:a:gnu:gnutls:2.1.1
  • GNU GnuTLS 2.1.2
    cpe:2.3:a:gnu:gnutls:2.1.2
  • GNU GnuTLS 2.1.3
    cpe:2.3:a:gnu:gnutls:2.1.3
  • GNU GnuTLS 2.1.4
    cpe:2.3:a:gnu:gnutls:2.1.4
  • GNU GnuTLS 2.1.5
    cpe:2.3:a:gnu:gnutls:2.1.5
  • GNU GnuTLS 2.1.6
    cpe:2.3:a:gnu:gnutls:2.1.6
  • GNU GnuTLS 2.1.7
    cpe:2.3:a:gnu:gnutls:2.1.7
  • GNU GnuTLS 2.1.8
    cpe:2.3:a:gnu:gnutls:2.1.8
  • GNU GnuTLS 2.2.0
    cpe:2.3:a:gnu:gnutls:2.2.0
  • GNU GnuTLS 2.2.1
    cpe:2.3:a:gnu:gnutls:2.2.1
  • GNU GnuTLS 2.2.2
    cpe:2.3:a:gnu:gnutls:2.2.2
  • GNU GnuTLS 2.2.3
    cpe:2.3:a:gnu:gnutls:2.2.3
  • GNU GnuTLS 2.2.4
    cpe:2.3:a:gnu:gnutls:2.2.4
  • GNU GnuTLS 2.2.5
    cpe:2.3:a:gnu:gnutls:2.2.5
  • GNU GnuTLS 2.3.0
    cpe:2.3:a:gnu:gnutls:2.3.0
  • GNU GnuTLS 2.3.1
    cpe:2.3:a:gnu:gnutls:2.3.1
  • GNU GnuTLS 2.3.2
    cpe:2.3:a:gnu:gnutls:2.3.2
  • GNU GnuTLS 2.3.3
    cpe:2.3:a:gnu:gnutls:2.3.3
  • GNU GnuTLS 2.3.4
    cpe:2.3:a:gnu:gnutls:2.3.4
  • GNU GnuTLS 2.3.5
    cpe:2.3:a:gnu:gnutls:2.3.5
  • GNU GnuTLS 2.3.6
    cpe:2.3:a:gnu:gnutls:2.3.6
  • GNU GnuTLS 2.3.7
    cpe:2.3:a:gnu:gnutls:2.3.7
  • GNU GnuTLS 2.3.8
    cpe:2.3:a:gnu:gnutls:2.3.8
  • GNU GnuTLS 2.3.9
    cpe:2.3:a:gnu:gnutls:2.3.9
  • GNU GnuTLS 2.3.10
    cpe:2.3:a:gnu:gnutls:2.3.10
  • GNU GnuTLS 2.3.11
    cpe:2.3:a:gnu:gnutls:2.3.11
  • GNU GnuTLS 2.4.0
    cpe:2.3:a:gnu:gnutls:2.4.0
  • GNU GnuTLS 2.4.1
    cpe:2.3:a:gnu:gnutls:2.4.1
  • GNU GnuTLS 2.4.2
    cpe:2.3:a:gnu:gnutls:2.4.2
  • GNU GnuTLS 2.5.0
    cpe:2.3:a:gnu:gnutls:2.5.0
  • GNU GnuTLS 2.6.0
    cpe:2.3:a:gnu:gnutls:2.6.0
  • GNU GnuTLS 2.6.1
    cpe:2.3:a:gnu:gnutls:2.6.1
  • GNU GnuTLS 2.6.2
    cpe:2.3:a:gnu:gnutls:2.6.2
  • GNU GnuTLS 2.6.3
    cpe:2.3:a:gnu:gnutls:2.6.3
  • GNU GnuTLS 2.6.4
    cpe:2.3:a:gnu:gnutls:2.6.4
  • GNU GnuTLS 2.6.5
    cpe:2.3:a:gnu:gnutls:2.6.5
  • GNU GnuTLS 2.6.6
    cpe:2.3:a:gnu:gnutls:2.6.6
  • GNU GnuTLS 2.8.0
    cpe:2.3:a:gnu:gnutls:2.8.0
  • GNU GnuTLS 2.8.1
    cpe:2.3:a:gnu:gnutls:2.8.1
CVSS
Base: 7.5 (as of 12-08-2009 - 12:19)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8622.NASL
    description This update fixes handling of NUL characters in certificate Common Name or subjectAltName fields especially in regards to comparsion to hostnames. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 41629
    published 2009-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41629
    title Fedora 10 : gnutls-2.4.2-5.fc10 (2009-8622)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GNUTLS-6471.NASL
    description This update of gnutls improves the verification of the domain/subject names in SSL certificates (CVE-2009-2730).
    last seen 2019-01-16
    modified 2014-06-13
    plugin id 42002
    published 2009-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42002
    title openSUSE 10 Security Update : gnutls (gnutls-6471)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-05 (GnuTLS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact : An attacker could perform man-in-the-middle attacks to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority or to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, allowing for further exploitation. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-11
    plugin id 56458
    published 2011-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56458
    title GLSA-201110-05 : GnuTLS: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1232.NASL
    description Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. (CVE-2009-2730) Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 40782
    published 2009-08-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40782
    title RHEL 4 / 5 : gnutls (RHSA-2009:1232)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1935.NASL
    description Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of the TLS/SSL protocol, does not properly handle a '\0' character in a domain name in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. (CVE-2009-2730 ) In addition, with this update, certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptograhically secure. It only affects the oldstable distribution (etch).(CVE-2009-2409 )
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 44800
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44800
    title Debian DSA-1935-1 : gnutls13 gnutls26 - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-18 (GnuTLS: Multiple vulnerabilities) Multiple vulnerabilities have been found in GnuTLS: An error in libgnutls does not properly sanitize '\\0' characters from certificate fields (CVE-2009-2730). An error in the TLS and SSL protocols mistreats renegotiation handshakes (CVE-2009-3555). A boundary error in the 'gnutls_session_get_data()' function in gnutls_session.c could cause a buffer overflow (CVE-2011-4128). An error in the '_gnutls_ciphertext2compressed()' function in gnutls_cipher.c could cause memory corruption (CVE-2012-1573). Impact : A remote attacker could perform man-in-the-middle attacks to spoof arbitrary SSL servers or cause a Denial of Service condition in applications linked against GnuTLS. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-11
    plugin id 59671
    published 2012-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59671
    title GLSA-201206-18 : GnuTLS: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GNUTLS-090901.NASL
    description This update of gnutls improves the verification of the domain/subject names in a SSL certificate. CVE-2009-2730 has been assigned to this issue.
    last seen 2019-01-16
    modified 2013-10-25
    plugin id 41399
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41399
    title SuSE 11 Security Update : GnuTLS (SAT Patch Number 1260)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8565.NASL
    description This update fixes handling of NUL characters in certificate Common Name or subjectAltName fields especially in regards to comparsion to hostnames. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 41628
    published 2009-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41628
    title Fedora 11 : gnutls-2.6.6-3.fc11 (2009-8565)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-308.NASL
    description Multiple vulnerabilities has been found and corrected in gnutls : gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup (CVE-2009-1417). A vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority (CVE-2009-2730). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update fixes this vulnerability.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 42994
    published 2009-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42994
    title Mandriva Linux Security Advisory : gnutls (MDVSA-2009:308)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1232.NASL
    description Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. (CVE-2009-2730) Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 40779
    published 2009-08-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40779
    title CentOS 4 / 5 : gnutls (CESA-2009:1232)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_GNUTLS-090901.NASL
    description This update of gnutls improves the verification of the domain/subject names in SSL certificates (CVE-2009-2730).
    last seen 2019-01-16
    modified 2014-06-13
    plugin id 40903
    published 2009-09-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40903
    title openSUSE Security Update : gnutls (gnutls-1259)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-809-1.NASL
    description Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2730) Dan Kaminsky discovered GnuTLS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This issue only affected Ubuntu 6.06 LTS and Ubuntu 8.10. (CVE-2009-2409) USN-678-1 fixed a vulnerability and USN-678-2 a regression in GnuTLS. The upstream patches introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem, and only affected Ubuntu 6.06 LTS and Ubuntu 8.10 (Ubuntu 8.04 LTS and 9.04 were fixed at an earlier date). In an effort to maintain a strong security stance and address all known regressions, this update deprecates X.509 validation chains using MD2 and MD5 signatures. To accomodate sites which must still use a deprected RSA-MD5 certificate, GnuTLS has been updated to stop looking when it has found a trusted intermediary certificate. This new handling of intermediary certificates is in accordance with other SSL implementations. Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2008-4989). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 40656
    published 2009-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40656
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : gnutls12, gnutls13, gnutls26 vulnerabilities (USN-809-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2009-290-01.NASL
    description New gnutls packages are available for Slackware 12.1, 12.2, 13.0, and -current to fix a security issue.
    last seen 2019-01-03
    modified 2019-01-02
    plugin id 42168
    published 2009-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42168
    title Slackware 12.1 / 12.2 / 13.0 / current : gnutls (SSA:2009-290-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12501.NASL
    description This update of GnuTLS improves the verification of the domain/subject names in a SSL certificate. CVE-2009-2730 has been assigned to this issue.
    last seen 2019-01-16
    modified 2012-04-23
    plugin id 41323
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41323
    title SuSE9 Security Update : GnuTLS (YOU Patch Number 12501)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-210.NASL
    description A vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority (CVE-2009-2730). This update fixes this vulnerability.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 40695
    published 2009-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40695
    title Mandriva Linux Security Advisory : gnutls (MDVSA-2009:210)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090826_GNUTLS_ON_SL4_X.NASL
    description CVE-2009-2730 gnutls: incorrect verification of SSL certificate with NUL in name (GNUTLS-SA-2009-4) A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. (CVE-2009-2730)
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 60647
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60647
    title Scientific Linux Security Update : gnutls on SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_GNUTLS-100208.NASL
    description gnutls did not properly handle embedded '\0' characters in x509 certificates. Attackers using specially crafted certificates could exploit that to conduct man-in-the-middle attacks (CVE-2009-2730).
    last seen 2019-01-16
    modified 2014-06-13
    plugin id 44618
    published 2010-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44618
    title openSUSE Security Update : gnutls (gnutls-1938)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_GNUTLS-090901.NASL
    description This update of gnutls improves the verification of the domain/subject names in SSL certificates (CVE-2009-2730).
    last seen 2019-01-16
    modified 2014-06-13
    plugin id 40904
    published 2009-09-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40904
    title openSUSE Security Update : gnutls (gnutls-1259)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1232.NASL
    description From Red Hat Security Advisory 2009:1232 : Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. (CVE-2009-2730) Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 67916
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67916
    title Oracle Linux 4 / 5 : gnutls (ELSA-2009-1232)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_856A6F848B3011DE806200E0815B8DA8.NASL
    description GnuTLS reports : By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) cause incorrect positive matches when matching a hostname against a certificate.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 40659
    published 2009-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40659
    title FreeBSD : GnuTLS -- improper SSL certificate verification (856a6f84-8b30-11de-8062-00e0815b8da8)
oval via4
  • accepted 2013-04-29T04:08:38.610-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
    family unix
    id oval:org.mitre.oval:def:10778
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
    version 25
  • accepted 2014-01-20T04:01:39.141-05:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
    family unix
    id oval:org.mitre.oval:def:8409
    status accepted
    submitted 2010-03-19T16:57:59.000-04:00
    title VMware GnuTLS vulnerability
    version 7
redhat via4
advisories
  • bugzilla
    id 516231
    title CVE-2009-2730 gnutls: incorrect verification of SSL certificate with NUL in name (GNUTLS-SA-2009-4)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment gnutls is earlier than 0:1.0.20-4.el4_8.3
            oval oval:com.redhat.rhsa:tst:20091232002
          • comment gnutls is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20080492003
        • AND
          • comment gnutls-devel is earlier than 0:1.0.20-4.el4_8.3
            oval oval:com.redhat.rhsa:tst:20091232004
          • comment gnutls-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20080492005
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment gnutls is earlier than 0:1.4.1-3.el5_3.5
            oval oval:com.redhat.rhsa:tst:20091232007
          • comment gnutls is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080489003
        • AND
          • comment gnutls-devel is earlier than 0:1.4.1-3.el5_3.5
            oval oval:com.redhat.rhsa:tst:20091232011
          • comment gnutls-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080489005
        • AND
          • comment gnutls-utils is earlier than 0:1.4.1-3.el5_3.5
            oval oval:com.redhat.rhsa:tst:20091232009
          • comment gnutls-utils is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080489007
    rhsa
    id RHSA-2009:1232
    released 2009-08-26
    severity Moderate
    title RHSA-2009:1232: gnutls security update (Moderate)
  • rhsa
    id RHSA-2010:0095
rpms
  • gnutls-0:1.0.20-4.el4_8.3
  • gnutls-devel-0:1.0.20-4.el4_8.3
  • gnutls-0:1.4.1-3.el5_3.5
  • gnutls-devel-0:1.4.1-3.el5_3.5
  • gnutls-utils-0:1.4.1-3.el5_3.5
refmap via4
bugtraq 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
confirm
mlist [oss-security] 20090814 GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2)
sectrack 1022777
secunia
  • 36266
  • 36496
suse SUSE-SR:2009:015
xf gnutls-cn-san-security-bypass(52404)
Last major update 21-08-2010 - 01:34
Published 12-08-2009 - 06:30
Last modified 10-10-2018 - 15:42
Back to Top