CVE-2009-3490
First published: Mon Aug 31 2009(Updated: )
A method to bypass SSL certificate name vs. host name verification via NUL ('\0') character embedded in X509 certificate's CommonName or subjectAltName was presented at Black Hat USA 2009: <a href="http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike">http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike</a> Similar problem affected wget (from a testing and very quick look at the code, subjectAltNames are not supported, hence only CommonName is a vector). Upstream bug report: <a href="http://savannah.gnu.org/bugs/?27183">http://savannah.gnu.org/bugs/?27183</a> (currently not public) Contents of upstream bug report, leaked via wget-notify list: <a href="http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html">http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html</a> Upstream fixes: <a href="http://hg.addictivecode.org/wget/mainline/rev/2d8c76a23e7d">http://hg.addictivecode.org/wget/mainline/rev/2d8c76a23e7d</a> <a href="http://hg.addictivecode.org/wget/mainline/rev/f2d2ca32fd1b">http://hg.addictivecode.org/wget/mainline/rev/f2d2ca32fd1b</a> <a href="http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7">http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Wget | =1.11.3 | |
| GNU Wget | =1.11.2 | |
| GNU Wget | =1.7 | |
| GNU Wget | <=1.11.4 | |
| GNU Wget | =1.9 | |
| GNU Wget | =1.10 | |
| GNU Wget | =1.6 | |
| GNU Wget | =1.8 | |
| GNU Wget | =1.11.1 | |
| GNU Wget | =1.8.1 | |
| GNU Wget | =1.10.1 | |
| GNU Wget | =1.9.1 | |
| GNU Wget | =1.11 | |
| GNU Wget | =1.7.1 | |
| GNU Wget | =1.5.3 | |
| GNU Wget | =1.10.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html
- http://www.securityfocus.com/bid/36205
- http://www.vupen.com/english/advisories/2009/2498
- http://secunia.com/advisories/36540
- http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7
- http://marc.info/?l=oss-security&m=125369675820512&w=2
- http://permalink.gmane.org/gmane.comp.web.wget.general/8972
- https://bugzilla.redhat.com/show_bug.cgi?id=520454
- http://marc.info/?l=oss-security&m=125198917018936&w=2
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099
- http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike
- http://savannah.gnu.org/bugs/?27183
- http://hg.addictivecode.org/wget/mainline/rev/2d8c76a23e7d
- http://hg.addictivecode.org/wget/mainline/rev/f2d2ca32fd1b
- https://rhn.redhat.com/errata/RHSA-2009-1549.html
- http://admin.fedoraproject.org/updates/wget-1.12-1.fc11
- http://admin.fedoraproject.org/updates/wget-1.12-1.fc12
- http://admin.fedoraproject.org/updates/wget-1.12-1.fc10
- http://admin.fedoraproject.org/updates/wget-1.12-2.fc12
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-3490
- vendor/gnu
- canonical/gnu wget
- version/gnu wget/1.11.3
- version/gnu wget/1.11.2
- version/gnu wget/1.7
- version/gnu wget/1.11.4
- version/gnu wget/1.9
- version/gnu wget/1.10
- version/gnu wget/1.6
- version/gnu wget/1.8
- version/gnu wget/1.11.1
- version/gnu wget/1.8.1
- version/gnu wget/1.10.1
- version/gnu wget/1.9.1
- version/gnu wget/1.11
- version/gnu wget/1.7.1
- version/gnu wget/1.5.3
- version/gnu wget/1.10.2