exploit the possibilities
Showing 1 - 6 of 6 RSS Feed

CVE-2009-2730

Status Candidate

Overview

libgnutls in GnuTLS before 2.8.2 does not properly handle a '�' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Related Files

Gentoo Linux Security Advisory 201206-18
Posted Jun 23, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-18 - Multiple vulnerabilities have been found in GnuTLS, allowing a remote attacker to perform man-in-the-middle or Denial of Service attacks. Versions less than 2.12.18 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2730, CVE-2009-3555, CVE-2011-4128, CVE-2012-1573
MD5 | 44796bd189ac29a95fc21d07ba8b22ad
Gentoo Linux Security Advisory 201110-05
Posted Oct 10, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-5 - Multiple vulnerabilities were found in GnuTLS, allowing for easier man-in-the-middle attacks. Versions less than 2.10.0 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2730, CVE-2009-3555
MD5 | ade17659213d450db1d12c5321ec7c49
Mandriva Linux Security Advisory 2009-308
Posted Dec 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-308 - gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. A vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes this vulnerability.

tags | advisory, remote, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2009-1417, CVE-2009-2730
MD5 | 9e1a6eee12849ada1a53886f4d2c4dd9
Debian Linux Security Advisory 1935-1
Posted Nov 18, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1935-1 - Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of the TLS/SSL protocol, does not properly handle a '\\0' character in a domain name in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. In addition, with this update, certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptograhically secure.

tags | advisory, arbitrary, spoof, protocol
systems | linux, debian
advisories | CVE-2009-2409, CVE-2009-2730
MD5 | f1d05c0e177dfe3d76c29a5d66c2375b
Ubuntu Security Notice 809-1
Posted Aug 22, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-809-1 - Multiple vulnerabilities in gnutls12, gnutls13, and gnutls26 have been addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-2409, CVE-2009-2730
MD5 | 3dd58c80e1ed90fedfb0b46b66736c22
Mandriva Linux Security Advisory 2009-210
Posted Aug 22, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-210 - A vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. This update fixes this vulnerability.

tags | advisory, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2009-2730
MD5 | 4ff9118a2e56395de1b803a3796dd9a5
Page 1 of 1
Back1Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    1 Files
  • 17
    Nov 17th
    3 Files
  • 18
    Nov 18th
    22 Files
  • 19
    Nov 19th
    17 Files
  • 20
    Nov 20th
    15 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close