FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GnuTLS -- improper SSL certificate verification

Affected packages
gnutls < 2.8.3
gnutls-devel < 2.9.0

Details

VuXML ID: 856a6f84-8b30-11de-8062-00e0815b8da8
Discovery: 2009-08-11
Entry: 2009-08-17

GnuTLS reports:

By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) causing incorrect positive matches when matching a hostname against a certificate.
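
An added illustration, not GnuTLS code and not part of the advisory: the C-string comparison that stops at the first NUL, next to a length-aware hostname check and a rendering that escapes non-printable bytes. The struct, function names and sample names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A CN/SAN value as decoded: raw bytes plus a length. Samples are constructed. */
struct cert_name { const unsigned char *data; size_t len; };
static const unsigned char SAMPLE[] = "good.example\0.other.example"; /* 27 bytes */
static const struct cert_name EMBEDDED_NUL = { SAMPLE, sizeof SAMPLE - 1 };
static const struct cert_name PLAIN = { (const unsigned char *)"good.example", 12 };

/* Flawed pattern: C-string comparison stops at the first NUL byte. */
int match_cstring(const struct cert_name *n, const char *host)
{
    return strcasecmp((const char *)n->data, host) == 0;
}

/* Length-aware check: refuse names with an embedded NUL, compare every byte. */
int match_checked(const struct cert_name *n, const char *host)
{
    size_t hlen = strlen(host);
    if (memchr(n->data, '\0', n->len) != NULL || n->len != hlen)
        return 0;
    return strncasecmp((const char *)n->data, host, hlen) == 0;
}

/* Length-aware rendering: escape non-printable bytes so nothing is hidden. */
size_t render_name(const struct cert_name *n, char *out, size_t cap)
{
    size_t used = 0;
    if (cap == 0) return 0;
    for (size_t i = 0; i < n->len && used + 5 <= cap; i++) {
        unsigned char c = n->data[i];
        if (c >= 0x20 && c < 0x7f && c != '\\')
            out[used++] = (char)c;
        else
            used += (size_t)snprintf(out + used, cap - used, "\\x%02x", (unsigned)c);
    }
    out[used] = '\0';
    return used;
}

int main(void)
{
    char buf[128];
    render_name(&EMBEDDED_NUL, buf, sizeof buf);
    printf("%s: cstring=%d checked=%d\n", buf, match_cstring(&EMBEDDED_NUL, "good.example"),
           match_checked(&EMBEDDED_NUL, "good.example"));
    return 0;
}
```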

References

CVE Name: CVE-2009-2730
URL: http://article.gmane.org/gmane.network.gnutls.general/1733
URL: http://secunia.com/advisories/36266