CVE-2009-3767
Published: 23 October 2009
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Notes
Author | Note |
---|---|
mdeslaur | openldap in hardy and intrepid only have gnutls backend we compile jaunty-lucid with gnutls, not openssl so we're not vulnerable to this. (debian/configure.options) openldap2 in dapper has been patched with gnutls support, so not vulnerable. This is the library to which all dapper applications are linked, to not conflict with the openssl license. openldap2.2 in dapper uses openssl and is vulnerable. |
Priority
Status
Package | Release | Status |
---|---|---|
openldap Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Not vulnerable
(code not present)
|
|
jaunty |
Not vulnerable
(not compiled with openssl)
|
|
karmic |
Not vulnerable
(not compiled with openssl)
|
|
Patches: upstream: http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.11&f=h upstream: http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.11&r2=1.12&hideattic=1&sortbydate=0 (related?) |
||
openldap2.3 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
hardy |
Not vulnerable
(code not present)
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
openldap2.2 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Released
(2.2.26-5ubuntu2.9)
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
openldap2 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Not vulnerable
(compiled with gnutls patch)
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|