Network Security Services (NSS) certificate security bypass (ASN1_NSS_Cert_Sec_Bypass)

About this signature or vulnerability

IBM Security Host Protection for Desktops, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Network IDS, Virtual Server Protection for Vmware, Proventia Network IPS, Proventia Server IPS for Linux technology, IBM Security Host Protection for Servers (Unix), RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows):

This signature detects SSL/TLS certificates that may be used to spoof the certificate's signing domain. The signature triggers on invalid characaters, including a NULL, in the Common Name fields.

This signature detects SSL/TLS certificates that may be used to spoof the certificates signing domain.


False positives

IBM Security Host Protection for Servers (Windows): A false-positive may occur if the subjectAltName extention contains an Octet String, which contains a sequence of attributes, where any of the attribute fields are blank or are zero-length.

Default risk level

Medium risk vulnerability  Medium

Sensors that have this signature

IBM Security Host Protection for Desktops: 2420, Proventia-G 1.1 and earlier: XPU 29.080, Proventia Network MFS: XPU 29.080, Proventia Network IDS: XPU 29.080, Virtual Server Protection for Vmware: 1.0, Proventia Network IPS: XPU 29.080, Proventia Server IPS for Linux technology: 29.080, IBM Security Host Protection for Servers (Unix): 2.2.2, RealSecure Server Sensor: XPU 29.080, IBM Security Host Protection for Servers (Windows): 2.0.300.2420, IBM Security Host Protection for Servers (Windows): 2.1.14.2420, IBM Security Host Protection for Servers (Windows): 1.0.914.2420

Systems affected

Microsoft Internet Explorer: 6.0, Gentoo Linux, Microsoft Internet Explorer: 6.0 SP1, SUSE SuSE Linux: 9.0, HP HP-UX: B.11.11, Eric S. Raymond Fetchmail: 6.2.4, RedHat Enterprise Linux: 3 WS, RedHat Enterprise Linux: 3 ES, RedHat Enterprise Linux: 3 AS, Sun Solaris: 9 x86, RedHat Enterprise Linux: 3 Desktop, Mozilla Firefox: 0.8, Mozilla Firefox: 0.9 rc, Mozilla Firefox: 0.9.2, HP HP-UX: B.11.23, Mozilla Firefox: 0.9.1, Mozilla Firefox: 0.9.3, Mozilla Firefox: 0.10.1, Mozilla Firefox: 1.0, Turbolinux Turbolinux: 10 Server, MandrakeSoft Mandrake Linux Corporate Server: 3.0, RedHat Enterprise Linux: 4 AS, RedHat Enterprise Linux: 4 Desktop, Mozilla Firefox: 1.0.1, Mozilla Firefox: 1.0.2, RedHat Enterprise Linux: 4 ES, RedHat Enterprise Linux: 4 WS, Mozilla Firefox: 1.0.3, Mozilla Firefox: 1.0.4, MandrakeSoft Mandrake Multi Network Firewall: 2.0, Mozilla Firefox: 1.0.6, Eric S. Raymond Fetchmail: 6.2.0, Eric S. Raymond Fetchmail: 6.2.5.1, Sun Solaris: 10 SPARC, Sun Solaris: 10 x86, Mozilla Firefox: 1.5 Beta1, Mozilla Firefox: 2.0, Mozilla Firefox: 1.0.7, Eric S. Raymond Fetchmail: 6.2.5.2, Mozilla Firefox: 1.5, Mozilla Firefox: 1.5.0.2, RedHat RHEL Extras: 4, Mozilla Firefox: 1.5.0.3, Mozilla Firefox: 1.5.0.4, Mozilla Firefox: 1.0.8, Canonical Ubuntu: 6.06 LTS, Novell SLE SDK: 10, Mozilla Firefox: 1.5.0.6, Mozilla Firefox: 1.5.0.7, Mozilla SeaMonkey: 1.0.5, Mozilla Network Security Services: 3.11.3, Novell SUSE Linux Enterprise Server: 10, MandrakeSoft Mandrake Linux Corporate Server: 4.0, MandrakeSoft Mandrake Linux Corporate Server: 4.0 X86_64, MandrakeSoft Mandrake Linux Corporate Server: 3.0 X86_64, Microsoft Internet Explorer: 7.0, Mozilla SeaMonkey: 1.0.7, Mozilla SeaMonkey: 1.0.2, Mozilla Firefox: 1.5.0.9, SuSE SLES SDK: 9, Mozilla Firefox: 2.0.0.1, Mozilla Firefox: 1.8, RedHat Enterprise Linux: 5, RedHat Enterprise Linux: 5 Client Workstation, Mozilla Firefox: 2.0.0.2, Mozilla Firefox: 2.0.0.3, MandrakeSoft Mandrake Linux: 2008.0 X86_64, Debian Debian Linux: 4.0, HP HP-UX: B.11.31, Mozilla Firefox: 2.0.0.4, Mozilla Firefox: 1.5.0.12, Apple Safari: 3.0.1, Apple Safari: 3.0.2, Mozilla Firefox: 2.0.0.5, Mozilla Thunderbird: 2.0.0.5, Mozilla SeaMonkey: 1.1.3, Mozilla Firefox: 2.0.0.6, Apple Safari: 3.0.3, RedHat Enterprise Linux: 5 Client, MandrakeSoft Mandrake Linux: 2008.0, MandrakeSoft Mandrake Linux: 2008.1 X86_64, Mozilla Firefox: 2.0.0.9, Mozilla Thunderbird: 2.0.0.4, Mozilla Thunderbird: 2.0.0.3, Mozilla Thunderbird: 2.0.0.2, Mozilla Thunderbird: 2.0.0.1, Mozilla SeaMonkey: 1.1.2, Mozilla SeaMonkey: 1.1.1, Mozilla Firefox: 3.0 Alpha, Mozilla Firefox: 2.0.0.7, Mozilla Thunderbird: 2.0.0.6, Mozilla Thunderbird: 2.0.0.7, Mozilla SeaMonkey: 1.1.4, Mozilla Firefox: 2.0.0.8, IBM DB2: 9.1, Apple Safari: 3.0.4 Beta, Mozilla SeaMonkey: 1.1.5, Mozilla SeaMonkey: 1.1.6, Mozilla Firefox: 2.0.0.11, Mozilla Firefox: 2.0.0.12, Mozilla Thunderbird: 2.0.0.9, Apple Safari: 3.1, IBM DB2: 9.5, Apple Safari: 3.0.2 Beta, Apple Safari: 3.0.1 Beta, Apple Safari: 3.1 Beta, Mozilla Firefox: 2.0 Beta1, Mozilla Firefox: 2.0 rc2, Mozilla Firefox: 2.0 rc3, Mozilla Firefox: 2.0.0.10, Mozilla Firefox: 2.0.0.13, Mozilla Thunderbird: 2.0.0.0, Mozilla Thunderbird: 2.0.0.11, Mozilla Thunderbird: 2.0.0.12, Mozilla Thunderbird: 2.0.0.13, Mozilla Thunderbird: 2.0.0.8, Mozilla SeaMonkey: 1.0, Mozilla SeaMonkey: 1.0.1, Mozilla SeaMonkey: 1.0.3, Mozilla SeaMonkey: 1.0.4, Mozilla SeaMonkey: 1.0.6, Mozilla SeaMonkey: 1.0.8, Mozilla SeaMonkey: 1.0.9, Mozilla SeaMonkey: 1.1, Mozilla SeaMonkey: 1.1.7, Mozilla SeaMonkey: 1.1.8, Mozilla SeaMonkey: 1.1.9, Apple Safari: 3.0, Apple Safari: 3.0.4, IBM DB2: 8.2, Mozilla Firefox: 0.10, Mozilla Firefox: 0.9, Mozilla Firefox: 1.0.5, Mozilla Firefox: 1.5.0.1, Mozilla Firefox: 1.5.0.10, Mozilla Firefox: 1.5.0.11, Mozilla Firefox: 1.5.0.5, Mozilla Firefox: 1.5.0.8, Mozilla Firefox: 1.5.1, Mozilla Firefox: 1.5.2, Mozilla Firefox: 1.5.3, Mozilla Firefox: 1.5.4, Mozilla Firefox: 1.5.5, Mozilla Firefox: 1.5.6, Mozilla Firefox: 1.5.7, Mozilla Firefox: 1.5.8, Mozilla Firefox: 1.5 Beta2, Mozilla Network Security Services: 3.11.2, Mozilla Network Security Services: 3.11.4, Mozilla Network Security Services: 3.11.5, Mozilla SeaMonkey: 1.1 Beta, Novell OpenSUSE: 10.3, Apple Safari: 3.1.1, MandrakeSoft Mandrake Linux: 2008.1, Mozilla Firefox: 3.0 Beta5, Canonical Ubuntu: 8.04 LTS, Mozilla Firefox: 3.0 Beta1, Mozilla Firefox: 3.0 Beta2, Mozilla Firefox: 3.0 Beta3, Mozilla Firefox: 3.0 Beta4, Mozilla SeaMonkey: 1.0 Alpha, Mozilla SeaMonkey: 1.0 Beta, Mozilla Firefox: 0.7, Mozilla Firefox: 2.0.0.14, RedHat Enterprise Linux: 5.2.z EUS, Mozilla Firefox: 3.0, Novell OpenSUSE: 11.0, Novell SUSE Linux Enterprise Desktop: 10 SP2, Novell SUSE Linux Enterprise: 10 SP2 DEBUGINFO, Novell SLE SDK: 10 SP2, Novell SUSE Linux Enterprise Server: 10 SP2, Sun OpenSolaris: build_snv_89 x86, Sun OpenSolaris: build_snv_89 SPARC, Mozilla Firefox: 2.0.0.15, Apple Safari: 3.1.2, Sun Solaris: 9 SPARC, Sun OpenSolaris: build_snv_95 SPARC, Sun OpenSolaris: build_snv_95 x86, Mozilla Firefox: 3.0.1, Sun OpenSolaris: build_snv_01 x86, Sun OpenSolaris: build_snv_02 x86, Sun OpenSolaris: build_snv_64 x86, Sun OpenSolaris: build_snv_79b x86, Sun OpenSolaris: build_snv_88 x86, Sun OpenSolaris: build_snv_01 SPARC, Sun OpenSolaris: build_snv_02 SPARC, Sun OpenSolaris: build_snv_64 SPARC, Sun OpenSolaris: build_snv_79b SPARC, Sun OpenSolaris: build_snv_88 SPARC, Joe Orton neon: 0.28.2, Joe Orton neon: 0.28.1, Joe Orton neon: 0.28, Mozilla SeaMonkey: 1.1.10, Mozilla SeaMonkey: 1.1.11, Mozilla Thunderbird: 2.0.0.14, Mozilla Thunderbird: 2.0.0.16, Mozilla Firefox: 2.0.0.16, Sun OpenSolaris: build_snv_03 x86, Sun OpenSolaris: build_snv_04 x86, Sun OpenSolaris: build_snv_05 x86, Sun OpenSolaris: build_snv_06 x86, Sun OpenSolaris: build_snv_07 x86, Sun OpenSolaris: build_snv_08 x86, Sun OpenSolaris: build_snv_09 x86, Sun OpenSolaris: build_snv_10 x86, Sun OpenSolaris: build_snv_11 x86, Sun OpenSolaris: build_snv_12 x86, Sun OpenSolaris: build_snv_48 x86, Sun OpenSolaris: build_snv_50 x86, Sun OpenSolaris: build_snv_53 x86, Sun OpenSolaris: build_snv_54 x86, Sun OpenSolaris: build_snv_56 x86, Sun OpenSolaris: build_snv_58 x86, Sun OpenSolaris: build_snv_59 x86, Sun OpenSolaris: build_snv_60 x86, Sun OpenSolaris: build_snv_62 x86, Sun OpenSolaris: build_snv_65 x86, Sun OpenSolaris: build_snv_68 x86, Sun OpenSolaris: build_snv_69 x86, Sun OpenSolaris: build_snv_72 x86, Sun OpenSolaris: build_snv_75 x86, Sun OpenSolaris: build_snv_76 x86, Sun OpenSolaris: build_snv_78 x86, Sun OpenSolaris: build_snv_81 x86, Sun OpenSolaris: build_snv_82 x86, Sun OpenSolaris: build_snv_84 x86, Sun OpenSolaris: build_snv_85 x86, Sun OpenSolaris: build_snv_87 x86, Sun OpenSolaris: build_snv_86 x86, Sun OpenSolaris: build_snv_49 x86, Sun OpenSolaris: build_snv_51 x86, Sun OpenSolaris: build_snv_52 x86, Sun OpenSolaris: build_snv_55 x86, Sun OpenSolaris: build_snv_57 x86, Sun OpenSolaris: build_snv_61 x86, Sun OpenSolaris: build_snv_63 x86, Sun OpenSolaris: build_snv_66 x86, Sun OpenSolaris: build_snv_67 x86, Sun OpenSolaris: build_snv_70 x86, Sun OpenSolaris: build_snv_71 x86, Sun OpenSolaris: build_snv_73 x86, Sun OpenSolaris: build_snv_74 x86, Sun OpenSolaris: build_snv_77 x86, Sun OpenSolaris: build_snv_79 x86, Sun OpenSolaris: build_snv_83 x86, Sun OpenSolaris: build_snv_03 SPARC, Sun OpenSolaris: build_snv_04 SPARC, Sun OpenSolaris: build_snv_05 SPARC, Sun OpenSolaris: build_snv_06 SPARC, Sun OpenSolaris: build_snv_07 SPARC, Sun OpenSolaris: build_snv_08 SPARC, Sun OpenSolaris: build_snv_11 SPARC, Sun OpenSolaris: build_snv_12 SPARC, Sun OpenSolaris: build_snv_09 SPARC, Sun OpenSolaris: build_snv_10 SPARC, Sun OpenSolaris: build_snv_48 SPARC, Sun OpenSolaris: build_snv_55 SPARC, Sun OpenSolaris: build_snv_54 SPARC, Sun OpenSolaris: build_snv_50 SPARC, Sun OpenSolaris: build_snv_57 SPARC, Sun OpenSolaris: build_snv_49 SPARC, Sun OpenSolaris: build_snv_56 SPARC, Sun OpenSolaris: build_snv_52 SPARC, Sun OpenSolaris: build_snv_51 SPARC, Sun OpenSolaris: build_snv_53 SPARC, Sun OpenSolaris: build_snv_67 SPARC, Sun OpenSolaris: build_snv_66 SPARC, Sun OpenSolaris: build_snv_59 SPARC, Sun OpenSolaris: build_snv_65 SPARC, Sun OpenSolaris: build_snv_58 SPARC, Sun OpenSolaris: build_snv_61 SPARC, Sun OpenSolaris: build_snv_63 SPARC, Sun OpenSolaris: build_snv_60 SPARC, Sun OpenSolaris: build_snv_62 SPARC, Sun OpenSolaris: build_snv_71 SPARC, Sun OpenSolaris: build_snv_68 SPARC, Sun OpenSolaris: build_snv_72 SPARC, Sun OpenSolaris: build_snv_77 SPARC, Sun OpenSolaris: build_snv_70 SPARC, Sun OpenSolaris: build_snv_74 SPARC, Sun OpenSolaris: build_snv_73 SPARC, Sun OpenSolaris: build_snv_76 SPARC, Sun OpenSolaris: build_snv_69 SPARC, Sun OpenSolaris: build_snv_75 SPARC, Sun OpenSolaris: build_snv_78 SPARC, Sun OpenSolaris: build_snv_84 SPARC, Sun OpenSolaris: build_snv_83 SPARC, Sun OpenSolaris: build_snv_79 SPARC, Sun OpenSolaris: build_snv_86 SPARC, Sun OpenSolaris: build_snv_85 SPARC, Sun OpenSolaris: build_snv_87 SPARC, Sun OpenSolaris: build_snv_80 SPARC, Sun OpenSolaris: build_snv_82 SPARC, Sun OpenSolaris: build_snv_81 SPARC, Mozilla Thunderbird: 2.0.0.15, Mozilla Firefox: 3.0.3, Mozilla Firefox: 3.0.2, Mandriva Linux: 2009.0, Mandriva Linux: 2009.0 X86_64, Canonical Ubuntu: 8.10, Sun OpenSolaris: build_snv_100 x86, Sun OpenSolaris: build_snv_100 SPARC, Sun OpenSolaris: build_snv_102 SPARC, Sun OpenSolaris: build_snv_102 x86, Mozilla Firefox: 2.0.0.17, Mozilla SeaMonkey: 1.1.12, Mozilla Thunderbird: 2.0.0.17, Sun OpenSolaris: build_snv_80 x86, Sun OpenSolaris: build_snv_91 x86, Sun OpenSolaris: build_snv_91 SPARC, Sun OpenSolaris: build_snv_90 x86, Sun OpenSolaris: build_snv_90 SPARC, Sun OpenSolaris: build_snv_104 SPARC, Sun OpenSolaris: build_snv_104 x86, Mozilla Firefox: 3.0.4, Mozilla SeaMonkey: 1.1.13, Mozilla Thunderbird: 2.0.0.18, Mozilla Firefox: 2.0.0.18, Mozilla Firefox: 2.0.0.19, Mozilla Firefox: 3.0.5, Apple Safari: 3.2, Sun OpenSolaris: build_snv_101 x86, Sun OpenSolaris: build_snv_101 SPARC, Sun OpenSolaris: build_snv_105 SPARC, Sun OpenSolaris: build_snv_105 x86, Sun OpenSolaris: build_snv_92 SPARC, Sun OpenSolaris: build_snv_92 x86, Sun OpenSolaris: build_snv_93 SPARC, Sun OpenSolaris: build_snv_94 SPARC, Sun OpenSolaris: build_snv_99 SPARC, Sun OpenSolaris: build_snv_98 SPARC, Sun OpenSolaris: build_snv_97 SPARC, Sun OpenSolaris: build_snv_96 SPARC, Sun OpenSolaris: build_snv_94 x86, Sun OpenSolaris: build_snv_93 x86, Sun OpenSolaris: build_snv_99 x86, Sun OpenSolaris: build_snv_97 x86, Sun OpenSolaris: build_snv_98 x86, Sun OpenSolaris: build_snv_96 x86, Sun OpenSolaris: build_snv_103 SPARC, Sun OpenSolaris: build_snv_103 x86, Sun OpenSolaris: build_snv_106 SPARC, Sun OpenSolaris: build_snv_106 x86, RedHat Enterprise Linux: 5.3.z EUS, Sun OpenSolaris: build_snv_107 SPARC, Sun OpenSolaris: build_snv_107 x86, Apple Safari: 3.2.1, Mozilla Thunderbird: 2.0.0.19, Mozilla Thunderbird: 2.0.0.20, Mozilla SeaMonkey: 1.1.14, Debian Debian Linux: 5.0, Mozilla SeaMonkey: 1.1 Alpha, Apple Safari: 4 Beta, Mozilla Firefox: 3.0.6, Sun OpenSolaris: build_snv_108 SPARC, Sun OpenSolaris: build_snv_109 SPARC, Sun OpenSolaris: build_snv_110 SPARC, Sun OpenSolaris: build_snv_108 x86, Sun OpenSolaris: build_snv_109 x86, Sun OpenSolaris: build_snv_110 x86, Apple Safari: 3.2.2, Microsoft Internet Explorer: 8.0, Mozilla Firefox: 3.0.7, Mozilla SeaMonkey: 1.1.15, Sun OpenSolaris: build_snv_111 SPARC, Sun OpenSolaris: build_snv_111 x86, Apple Safari: 3.0.0, Apple Safari: 3.0.0B, Apple Safari: 3.0.0B Windows, Apple Safari: 3.0.1B, Apple Safari: 3.0.1B Windows, Apple Safari: 3.0.2B, Apple Safari: 3.0.2B Windows, Apple Safari: 3.0.3B, Apple Safari: 3.0.3B Windows, Apple Safari: 3.0.4B, Apple Safari: 3.0.4B Windows, Apple Safari: 3.1.0, Apple Safari: 3.1.0B, Apple Safari: 3.1.0B Windows, Apple Safari: 3.1.1B Windows, Apple Safari: 3.1.2B Windows, Apple Safari: 3.2.0B Windows, Apple Safari: 3.2.1B Windows, Mozilla Firefox: 0.1, Mozilla Firefox: 0.2, Mozilla Firefox: 0.3, Mozilla Firefox: 0.4, Mozilla Firefox: 0.5, Mozilla Firefox: 0.6, Mozilla Firefox: 0.6.1, Mozilla Firefox: 0.7.1, Mozilla Firefox: 1.0 Preview Release, Mozilla Firefox: 3.0.8, Mozilla Thunderbird: 2.0.0.21, Mozilla SeaMonkey: 1.1.16, Mozilla Firefox: 3.0.9, Sun OpenSolaris: build_snv_112 x86, Sun OpenSolaris: build_snv_113 x86, Sun OpenSolaris: build_snv_112 SPARC, Sun OpenSolaris: build_snv_113 SPARC, Sun OpenSolaris: build_snv_114 SPARC, Sun OpenSolaris: build_snv_114 x86, Mozilla Firefox: 3.0.10, Sun OpenSolaris: build_snv_116 SPARC, Sun OpenSolaris: build_snv_116 x86, Mozilla Firefox: 0.9 RC, Mozilla Firefox: 1.4.1, Mozilla Firefox: 2.0.0.20, Mozilla Firefox: 2.0.0.21, Mozilla Firefox: 2.0 .1, Mozilla Firefox: 2.0 .10, Mozilla Firefox: 2.0 .4, Mozilla Firefox: 2.0 .6, Mozilla Firefox: 2.0 .9, Mozilla Firefox: 2.0 8, Mozilla Firefox: 2.0 .5, Apple Safari: 3.2.3, Apple Safari: 4.0 Beta, Sun OpenSolaris: build_snv_117 SPARC, Sun OpenSolaris: build_snv_117 x86, Apple Safari: 3.0.2 Windows, Apple Safari: 3.0 Windows, Apple Safari: 3.0.1 Windows, Apple Safari: 3.0.3 Windows, Apple Safari: 3.0.4 Windows, Apple Safari: 3.1 Windows, Apple Safari: 3.1.1 Windows, Apple Safari: 3.1.2 Windows, Apple Safari: 3.2.1 Windows, Apple Safari: 3.2.2 Windows, Apple Safari: 3.2.3 Windows, Apple Safari: 3.0.4 Beta, Apple Safari: 3.2.0, Sun OpenSolaris: build_snv_118 SPARC, Sun OpenSolaris: build_snv_118 x86, Apple Safari: 4.0, Apple Safari: 4.0.1, Sun OpenSolaris: build_snv_119 SPARC, Sun OpenSolaris: build_snv_119 x86, Sun OpenSolaris: build_snv_115 SPARC, Sun OpenSolaris: build_snv_115 x86, Sun OpenSolaris: build_snv_120 SPARC, Sun OpenSolaris: build_snv_120 x86, Mozilla Firefox: 3.0.12, Mandriva Linux: 2009.1, Mandriva Linux: 2009.1 X86_64, Mozilla Firefox: 3.0.13, Mozilla Firefox: 3.1 Beta1, Mozilla Firefox: 3.1 Beta2, Mozilla Firefox: 3.1 Beta3, Apple Safari: 4.0.2, Apple Safari: 3.2.2B Windows, Apple Safari: 4.0.0B, IBM DB2: 9.7, Mozilla Firefox: 2.0 .7, Mozilla Firefox: 3.0.11, Mozilla Firefox: 1.0.6 Linux, Mozilla Nss: 3.11.8, Mozilla Nss: 3.11.2, Mozilla Nss: 3.6, Mozilla Nss: 3.12, Mozilla Nss: 3.11.7, Mozilla Nss: 3.4, Mozilla Nss: 3.11.4, Mozilla Nss: 3.0, Joe Orton neon: 0.28.3, Joe Orton neon: 0.28.5, Mozilla SeaMonkey: 1.5.0.8, Mozilla SeaMonkey: 1.5.0.9, Mozilla SeaMonkey: 1.5.0.10, Apple Safari: 4.0.3, Mozilla SeaMonkey: 1.1.17, Mozilla Firefox: 3.0beta5, KDE KDE: 3.5.4, Michael R. Elkins and Jeremy Blosser Mutt: 1.5.20, Michael R. Elkins and Jeremy Blosser Mutt: 1.5.19, Sun OpenSolaris: build_snv_121 SPARC, Sun OpenSolaris: build_snv_122 SPARC, Sun OpenSolaris: build_snv_121 x86, Sun OpenSolaris: build_snv_122 x86, Apple Mac OS X: 10.5.8, Apple Mac OS X Server: 10.5.8, Apple Mac OS X Server: 10.6, Apple Mac OS X: 10.6, Sun OpenSolaris: build_snv_123 SPARC, Sun OpenSolaris: build_snv_123 x86, RedHat Enterprise Linux: 4.8.z ES, RedHat Enterprise Linux: 4.8.z AS, Sun OpenSolaris: build_snv_124 SPARC, Sun OpenSolaris: build_snv_124 x86, Sun OpenSolaris: build_snv_125 SPARC, Sun OpenSolaris: build_snv_125 x86, RedHat Enterprise Linux: 5.4.z EUS, RedHat Enterprise Linux: 4.7.z AS, Apple Mac OS X Server: 10.6.1, Apple Mac OS X: 10.6.1, Martin Lambers mpop: 1.0.18, Martin Lambers msmtp: 1.4.18, Mozilla Thunderbird: 2.0.0.22, Sendmail Sendmail: 8.14.4, Tigris TortoiseSVN: 1.6.4, Mozilla Firefox: 3.2 Beta3, Mozilla Firefox: 3.2 Beta1, Mozilla Firefox: 3.2 Beta2, libESMTP libESMTP: 1.0.3, RedHat Red Hat Enterprise Linux: 4.7.z ES, Attachmate Reflection: 14.0.5, Attachmate Reflection: 14.0, Attachmate Reflection: 13.0, Attachmate Reflection: 13.0.5, w3m w3m: 0.5.2, Turbolinux Client: 2008, Mandriva Enterprise Server: 5, Mandriva Enterprise Server: 5 X86_64, Mandriva Linux: 2010 X86_64, Mandriva Linux: 2010, Oracle Solaris: 11 Express, RedHat Enterprise Linux Long Life : 5.3

Type

Suspicious Activity

Vulnerability description

Network Security Services (NSS) could allow a remote attacker to bypass security restrictions, caused by an error when parsing x509 certificate domain names. By creating a specially-crafted certificate signed by a trusted Certificate Authority containing NULL terminators in the Common Name (CN) field, an attacker could exploit this vulnerability via man-in-the-middle techniques to bypass security restrictions and cause the victim's client to accept spoofed SSL server certificates.

How to remove this vulnerability

Upgrade to the latest version of Network Security Services (3.12.3 or later), available from the Mozilla Web site. See References.

For other distributions:
Apply the appropriate update for your system. See References.

References

Mozilla Web site
Network Security Services (NSS)
http://www.mozilla.org/projects/security/pki/nss/

Red Hat Bugzilla Bug 510251
firefox/nss: doesn't handle NULL in Common Name properly
https://bugzilla.redhat.com/show_bug.cgi?id=510251

fetchmail-SA-2009-01
Improper SSL certificate subject verification
http://www.fetchmail.info/fetchmail-SA-2009-01.txt

oss-security Mailing List, Wed, 05 Aug 2009 17:14:36 +0200
CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass
http://www.openwall.com/lists/oss-security/2009/08/05/4

MFSA 2009-42
Compromise of SSL-protected communication
http://www.mozilla.org/security/announce/2009/mfsa2009-42.html

IBM Internet Security Systems Protection Alert
Network Security Services (NSS) Certificate Security Bypass
http://www.iss.net/threats/344.html

IBM SECURITY ADVISORY
IBM NAS (Network Authentication Service) vulnerabilities for DB2 V8.2, V9.1, v9.5 and V9.7
http://www-01.ibm.com/support/docview.wss?uid=swg21396120

Neon Mailing List
CVE-2009-2474: fix handling of NUL in SSL cert subject names
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html

Neon Mailing List
neon: release 0.28.6 (SECURITY)
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html

Commit in qt in Qt - Qt by Nokia
Fix parsing of Subject Alternate Names in Qt
http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6

Red Hat Bugzilla Bug 520661
CVE-2009-2702 kdelibs: kssl incorrect verification of SSL certificate with NUL in subjectAltName
https://bugzilla.redhat.com/show_bug.cgi?id=520661

Mutt Web Site
Changeset 6016:dc09812e63a3 for mutt_ssl.c
http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c

Apple Safari Web site
Apple Safari
http://www.apple.com/safari/

Microsoft Internet Explorer Web site
Internet Explorer
http://www.microsoft.com/windows/internet-explorer/default.aspx

Sun Alert ID: 269468
Security Vulnerability in Mozilla Thunderbird Related to SSL Certificates May Cause Arbitrary Code Execution
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269468-1

Apple Web site
About Security Update 2009-006 / Mac OS X v10.6.2
http://support.apple.com/kb/HT3937

msmtp Web Site
msmtp 1.4.19 is released!
http://msmtp.sourceforge.net/news.html

mpop Web Site
mpop 1.0.19 is released!
http://mpop.sourceforge.net/news.html

Sun Alert ID: 273590
Security Vulnerability in wget(1) Related to Certificate Parsing may Allow Encrypted HTTP Communication to be Intercepted Using a Man-in-the-Middle (MITM) Attack
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273590-1

Sendmail Web Site
Sendmail - 8.14.4
http://www.sendmail.org/releases/8.14.4

Open Source Software security discussions
libesmtp does not check NULL bytes in commonName
http://permalink.gmane.org/gmane.comp.security.oss.general/2637

IBM APAR IZ72526
SENDMAIL TLS SERVER VULNERABILITY CVE-2009-4565
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ72526

IBM APAR IZ72510
SENDMAIL TLS SERVER VULNERABILITY CVE-2009-4565
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ72510

HP Security Bulletin HPSBUX02508 SSRT100007 rev.1
HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02009860

oss-security Mailing List, Wed, 3 Mar 2010 13:58:45 -0800
CVE Request: libesmtp does not check NULL bytes in commonName
http://www.openwall.com/lists/oss-security/2010/03/03/6

Debian Bug report logs - #311191
libesmtp5: Flaw in TLS certificate hostname matching code
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311191

Debian Bug report logs - #311191
libesmtp5: Flaw in TLS certificate hostname matching code
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311191

Attachmate Web Site
Security Updates and Reflection
http://support.attachmate.com/techdocs/1708.html

Sun Alert
Sun Solaris Sendmail SSL Certificate Spoofing Vulnerability
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1

oss-security Mailing List, Mon, 14 Jun 2010 13:25:03 +0200
CVE Request: w3m does not check null bytes CN/subjAltName
http://www.openwall.com/lists/oss-security/2010/06/14/4

TortoiseSVN Web Site
TortoiseSVN 1.6.5 released
http://tortoisesvn.net/node/378

Sun Product Security Blog, Sep 16, 2011
CVE-2010-2074 Improper Input Validation Vulnerability in w3m
http://blogs.oracle.com/sunsecurity/entry/cve_2010_2074_improper_input

ISS X-Force
Network Security Services (NSS) certificate security bypass
http://www.iss.net/security_center/static/52141.php

CVE
CVE-2010-2074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2074