Vigil@nce: KDE kssl, X.509 troncated with null
September 2009 by Vigil@nce
An attacker can invite the victim to connect to a SSL site using a
X.509 certificate with a field containing a null character, in
order to deceive the victim.
– Severity: 2/4
– Consequences: data reading
– Provenance: internet server
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 03/09/2009
IMPACTED PRODUCTS
– Fedora
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The kssl class of KDE implements a SSL/TLS client.
When a X.509 certificate contains a null character in the Subject
Alternate Name field, kssl truncates this field. This
vulnerability is similar to VIGILANCE-VUL-8908
(https://vigilance.fr/tree/1/8908), even if the vulnerable source
code is different.
An attacker can therefore invite the victim to connect to a SSL
site using a X.509 certificate with a field containing a null
character, in order to deceive the victim.
CHARACTERISTICS
– Identifiers: 520661, BID-36229, CVE-2009-2702, FEDORA-2009-9391,
FEDORA-2009-9400, VIGILANCE-VUL-8993
– Url: http://vigilance.fr/vulnerability/KDE-kssl-X-509-troncated-with-null-8993