Vigil@nce: Mutt, X.509 troncated with null
September 2009 by Vigil@nce
An attacker can invite the victim to connect to a SSL site using a
X.509 certificate with a field containing a null character, in
order to deceive the victim.
– Severity: 2/4
– Consequences: data reading
– Provenance: internet server
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 03/09/2009
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The Mutt messaging client implements a SSL/TLS client.
When a X.509 certificate contains a null character in the Common
Name or Subject Alternate Name field, Mutt truncates this field.
This vulnerability is similar to VIGILANCE-VUL-8908
(https://vigilance.fr/tree/1/8908), even if the vulnerable source
code is different.
An attacker can therefore invite the victim to connect to a SSL
site using a X.509 certificate with a field containing a null
character, in order to deceive the victim.
CHARACTERISTICS
– Identifiers: BID-36249, BID-36251, VIGILANCE-VUL-8995
– Url: http://vigilance.fr/vulnerability/Mutt-X-509-troncated-with-null-8995