REDHAT-BUG-520661
First published: Tue Sep 01 2009(Updated: )
A method to bypass SSL certificate name vs. host name verification via NUL ('\0') character embedded in X509 certificate's CommonName or subjectAltName was presented at Black Hat USA 2009: <a href="http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike">http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike</a> Similar issues affects kdelibs' kssl. Problem only exists in handling of subjectAltNames, CommonNames with embedded NUL chars are handled correctly. According to Thiago Macieira (maintainer of KDE's and Qt's SSL code), kssl is no longer used in current KDE4 versions, Qt's SSL code is used instead (which is affected by similar problem, see <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2009-2700 Qt: QSslCertificate incorrect verification of SSL certificate with NUL in subjectAltName" href="show_bug.cgi?id=520435">bug #520435</a>). Problem affects kdelibs 3.5.4 shipped in Red Hat Enterprise Linux 5. Versions in Red Hat Enterprise Linux 4 (3.3.1) and Red Hat Enterprise Linux 3 (3.1.3) are not affected, as they do not support subjectAltNames at all. Unlike Qt, kssl is not prone to creation of universal MITM certificate (*\0.whatever.com), as matching of '*' wild card is limited to single host name component.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE kdelibs3 | ||
| Red Hat Enterprise Linux | >5<=5 | |
| Qt |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=520435
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=359423&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=359423&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=359429&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=359429&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=520661#c4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=520661#c5
- http://admin.fedoraproject.org/updates/akonadi-1.2.1-1.fc11,kdeaccessibility-4.3.1-1.fc11,kdeadmin-4.3.1-1.fc11,kdeartwork-4.3.1-1.fc11,kdebase-4.3.1-2.fc11,kdebase-runtime-4.3.1-1.fc11,kdebase-workspace-4.3.1-1.fc11,kdebindings-4.3.1-3.fc11,kdeedu-4.3.1-1.fc11,kdegames-4.3.1-1.fc11,kdegraphics-4.3.1-1.fc11,kdelibs-4.3.1-3.fc11,kdelibs-experimental-4.3.1-1.fc11,kdemultimedia-4.3.1-1.fc11,kdenetwork-4.3.1-1.fc11,kdepim-4.3.1-1.fc11,kdepim-runtime-4.3.1-1.fc11,kdepimlibs-4.3.1-1.fc11,kdeplasma-addons-4.3.1-1.fc11,kdesdk-4.3.1-1.fc11,kdetoys-4.3.1-1.fc11,kdeutils-4.3.1-1.fc11,kde-l10n-4.3.1-2.fc11,oxygen-icon-theme-4.3.1-1.fc11
- http://admin.fedoraproject.org/updates/akonadi-1.2.1-1.fc10,kdeaccessibility-4.3.1-1.fc10,kdeadmin-4.3.1-1.fc10,kdeartwork-4.3.1-1.fc10,kdebase-4.3.1-2.fc10,kdebase-runtime-4.3.1-1.fc10,kdebase-workspace-4.3.1-1.fc10,kdebindings-4.3.1-3.fc10,kdeedu-4.3.1-1.fc10,kdegames-4.3.1-1.fc10,kdegraphics-4.3.1-1.fc10,kdelibs-4.3.1-3.fc10,kdelibs-experimental-4.3.1-1.fc10,kdemultimedia-4.3.1-1.fc10,kdenetwork-4.3.1-1.fc10,kdepim-4.3.1-1.fc10,kdepim-runtime-4.3.1-1.fc10,kdepimlibs-4.3.1-1.fc10,kdeplasma-addons-4.3.1-1.fc10,kdesdk-4.3.1-1.fc10,kdetoys-4.3.1-1.fc10,kdeutils-4.3.1-1.fc10,kde-l10n-4.3.1-2.fc10,oxygen-icon-theme-4.3.1-1.fc10
- http://admin.fedoraproject.org/updates/kdelibs3-3.5.10-13.fc10.1
- http://admin.fedoraproject.org/updates/kdelibs3-3.5.10-13.fc11.1
- https://access.redhat.com/security/cve/CVE-2009-2702
- https://access.redhat.com/security/cve/CVE-2009-2408
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702
- http://secunia.com/advisories/36468
- http://www.vupen.com/english/advisories/2009/2532
- https://bugzilla.redhat.com/show_bug.cgi?id=520661
Frequently Asked Questions
What is the severity of REDHAT-BUG-520661?
The severity of REDHAT-BUG-520661 is high due to the potential for SSL certificate validation bypass.
How do I fix REDHAT-BUG-520661?
To mitigate REDHAT-BUG-520661, ensure that your software is updated to the latest stable version with security patches applied.
What software is affected by REDHAT-BUG-520661?
REDHAT-BUG-520661 affects KDE kdelibs, Red Hat Enterprise Linux versions prior to 5, and Qt.
What vulnerability does REDHAT-BUG-520661 exploit?
REDHAT-BUG-520661 exploits a method for bypassing SSL certificate name verification using a NUL character.
When was the vulnerability REDHAT-BUG-520661 first presented?
The vulnerability REDHAT-BUG-520661 was first presented at Black Hat USA 2009.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-2702
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- vendor/kde
- canonical/kde kdelibs3
- vendor/red hat
- canonical/red hat enterprise linux
- vendor/qt
- canonical/qt