| Field | Value |
|---|---|
| Short Name | SSL:INVALID:NULL-CERT |
| Severity | Medium |
| Recommended | Yes |
| Category | SSL |
| Keywords | Null byte name cert |
| Release Date | 2009/08/07 |
| Update Number | 1479 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SSL: Null Byte in Common Name
This signature detects attempts to exploit a known vulnerability affecting multiple browsers. If a null byte is present in the certificate name, the name is displayed incompletely, so an attacker could use such a certificate to mount a man-in-the-middle attack over the encrypted channel.
Extended Description
GnuTLS is prone to a security-bypass vulnerability because it fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
Versions prior to GnuTLS 2.8.2 are vulnerable.
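The check below is an added example, not the signature's own logic or code from this page: it walks DER-encoded Name data, extracts each commonName value, and reports any value containing an embedded null byte, split into the part a NUL-terminated string routine would see and the part it would drop. The function names and the sample name are constructed for illustration, and only Name attributes are inspected, not subjectAltName.

```python
CN_OID = bytes.fromhex("550403")  # id-at-commonName (2.5.4.3)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element overruns buffer")
    return tag, pos, pos + length

def common_names(buf, start=0, end=None):
    """Yield the raw bytes of every commonName value in Name structures."""
    end = len(buf) if end is None else end
    pos, last_oid = start, None
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos)
        if tag & 0x20:        # constructed (SEQUENCE, SET, [n]): descend
            yield from common_names(buf, vs, ve)
        elif tag == 0x06:     # OBJECT IDENTIFIER: remember for the next value
            last_oid = buf[vs:ve]
        elif last_oid == CN_OID:
            yield buf[vs:ve]  # the string paired with the commonName OID
            last_oid = None
        pos = ve

def null_byte_findings(der):
    """Return (visible, hidden) pairs for each CN holding an embedded NUL."""
    findings = []
    for cn in common_names(der):
        if b"\x00" in cn:
            visible, _, hidden = cn.partition(b"\x00")
            findings.append((visible.decode("latin-1"), hidden.decode("latin-1")))
    return findings

def _tlv(tag, value):  # sample builder, short-form lengths only (< 128 bytes)
    return bytes([tag, len(value)]) + value

def sample_name(cn):
    """Constructed X.501 Name holding a single commonName attribute."""
    atv = _tlv(0x30, _tlv(0x06, CN_OID) + _tlv(0x13, cn))
    return _tlv(0x30, _tlv(0x31, atv))

if __name__ == "__main__":
    print(null_byte_findings(sample_name(b"www.example.com\x00.test.invalid")))
```

The walker compares names by their DER length rather than by a terminator, which is the property a validator needs in order to reject such names instead of truncating them.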
Affected Products
- Avaya Aura SIP Enablement Services 3.1
- Avaya Aura SIP Enablement Services 3.1.1
- Avaya Aura SIP Enablement Services 5.0
- Avaya Aura SIP Enablement Services 5.1
- Avaya Aura SIP Enablement Services 5.2
- Avaya Communication Manager 3.1
- Avaya Intuity AUDIX LX 2.0
- Avaya Intuity AUDIX LX 2.0 SP1
- Avaya Intuity AUDIX LX 2.0 SP2
- Avaya Meeting Exchange 5.0
- Avaya Meeting Exchange 5.0 SP1
- Avaya Meeting Exchange 5.0 SP2
- Avaya Meeting Exchange 5.1
- Avaya Meeting Exchange 5.1 SP1
- Avaya Meeting Exchange 5.2
- Avaya Message Networking MN 3.1
- Avaya Messaging Storage Server 3.1
- Avaya Messaging Storage Server 4.0
- Avaya Messaging Storage Server 5.0
- Avaya Messaging Storage Server MM3.0
- Avaya Proactive Contact 4.1
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Armel
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- Debian Linux 5.0
- Debian Linux 5.0 Alpha
- Debian Linux 5.0 Amd64
- Debian Linux 5.0 Arm
- Debian Linux 5.0 Armel
- Debian Linux 5.0 Hppa
- Debian Linux 5.0 Ia-32
- Debian Linux 5.0 Ia-64
- Debian Linux 5.0 M68k
- Debian Linux 5.0 Mips
- Debian Linux 5.0 Mipsel
- Debian Linux 5.0 Powerpc
- Debian Linux 5.0 S/390
- Debian Linux 5.0 Sparc
- Gentoo Linux
- GNU GnuTLS 2.0.0
- GNU GnuTLS 2.2.0
- GNU GnuTLS 2.2.1
- GNU GnuTLS 2.2.2
- GNU GnuTLS 2.2.3
- GNU GnuTLS 2.2.4
- GNU GnuTLS 2.2.5
- GNU GnuTLS 2.4.0
- GNU GnuTLS 2.4.1
- GNU GnuTLS 2.6.0
- GNU GnuTLS 2.6.1
- GNU GnuTLS 2.6.2
- GNU GnuTLS 2.6.3
- GNU GnuTLS 2.6.4
- GNU GnuTLS 2.6.5
- GNU GnuTLS 2.6.6
- GNU GnuTLS 2.8.1
- Mandriva Corporate Server 4.0
- Mandriva Corporate Server 4.0.0 X86 64
- Mandriva Enterprise Server 5
- Mandriva Enterprise Server 5 X86 64
- Mandriva Linux Mandrake 2008.0
- Mandriva Linux Mandrake 2008.0 X86 64
- Mandriva Linux Mandrake 2008.1
- Mandriva Linux Mandrake 2008.1 X86 64
- Mandriva Linux Mandrake 2009.0
- Mandriva Linux Mandrake 2009.0 X86 64
- Mandriva Linux Mandrake 2009.1
- Mandriva Linux Mandrake 2009.1 X86 64
- Pardus Linux 2009
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux Desktop Version 4
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora 10
- Red Hat Fedora 11
- Slackware Linux 12.1
- Slackware Linux 12.2
- Slackware Linux 13.0
- Slackware Linux 13.0 X86 64
- Slackware Linux -Current
- Slackware Linux X86 64 -Current
- SuSE openSUSE 10.3
- SuSE openSUSE 11.0
- SuSE openSUSE 11.1
- SuSE openSUSE 11.2
- SuSE SUSE Linux Enterprise 10
- SuSE SUSE Linux Enterprise 11
- Ubuntu Ubuntu Linux 6.06 LTS Amd64
- Ubuntu Ubuntu Linux 6.06 LTS I386
- Ubuntu Ubuntu Linux 6.06 LTS Powerpc
- Ubuntu Ubuntu Linux 6.06 LTS Sparc
- Ubuntu Ubuntu Linux 8.04 LTS Amd64
- Ubuntu Ubuntu Linux 8.04 LTS I386
- Ubuntu Ubuntu Linux 8.04 LTS Lpia
- Ubuntu Ubuntu Linux 8.04 LTS Powerpc
- Ubuntu Ubuntu Linux 8.04 LTS Sparc
- Ubuntu Ubuntu Linux 8.10 Amd64
- Ubuntu Ubuntu Linux 8.10 I386
- Ubuntu Ubuntu Linux 8.10 Lpia
- Ubuntu Ubuntu Linux 8.10 Powerpc
- Ubuntu Ubuntu Linux 8.10 Sparc
- Ubuntu Ubuntu Linux 9.04 Amd64
- Ubuntu Ubuntu Linux 9.04 I386
- Ubuntu Ubuntu Linux 9.04 Lpia
- Ubuntu Ubuntu Linux 9.04 Powerpc
- Ubuntu Ubuntu Linux 9.04 Sparc
References