CVE-2009-2474

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a 0 character in a domain name in the subjects Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Weakness

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/112.html
• https://cwe.mitre.org/data/definitions/192.html
• https://cwe.mitre.org/data/definitions/20.html

References

• http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
• http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html
• http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html
• http://secunia.com/advisories/36371
• http://secunia.com/advisories/36799
• http://support.apple.com/kb/HT4435
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:221
• http://www.securityfocus.com/bid/36079
• http://www.ubuntu.com/usn/usn-835-1
• http://www.vupen.com/english/advisories/2009/2341
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11721
• https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html
• https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html