
CVE-2009-3490

Status Candidate

Overview

GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Related Files

Mandriva Linux Security Advisory 2009-206
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-206 - GNU Wget before 1.12 does not properly handle a '\0' (NUL) character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2009-3490
SHA-256 | 4d134cb5317746dbabde9ddcb0704cf7d3ebb8c26b5476cc7c3f8d510610cac6

Gentoo Linux Security Advisory 200910-1
Posted Oct 21, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 200910-1 - An error in the X.509 certificate handling of Wget might enable remote attackers to conduct man-in-the-middle attacks. The vendor reported that Wget does not properly handle Common Name (CN) fields in X.509 certificates that contain an ASCII NUL (\0) character. Specifically, the processing of such fields is stopped at the first occurrence of a NUL character. This type of vulnerability was recently discovered by Dan Kaminsky and Moxie Marlinspike. Versions less than 1.12 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2009-3490
SHA-256 | e19b1568c90378a3d70151fe317843af4d60f22b3c3395301e1bcc36f4edb4fd

Debian Linux Security Advisory 1904-1
Posted Oct 12, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1904-1 - Daniel Stenberg discovered that wget, a network utility to retrieve files from the Web using http(s) and ftp, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" published at the Blackhat conference some time ago. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.

tags | advisory, web
systems | linux, debian
advisories | CVE-2009-3490
SHA-256 | 3843134110b6c71b79bd051847e6f367cb74138ba26cadaffdaa04ae54eb2b3c

Ubuntu Security Notice 842-1
Posted Oct 6, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 842-1 - It was discovered that Wget did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2009-3490
SHA-256 | b9dec6517e790c9e09c7a94658d37d6b784a845a1b7ece20faae1c0bbc910b8d

© 2022 Packet Storm. All rights reserved.
