Vigil@nce: OpenLDAP, X.509 troncated with null
September 2009 by
An attacker can invite the victim to connect to a SSL site using a
X.509 certificate with a field containing a null character, in
order to deceive the victim.
– Severity: 2/4
– Consequences: data reading
– Provenance: internet server
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 03/09/2009
IMPACTED PRODUCTS
– OpenLDAP
DESCRIPTION OF THE VULNERABILITY
The OpenLDAP client implements a SSL/TLS client.
When a X.509 certificate contains a null character in the Common
Name or Subject Alternate Name field, OpenLDAP truncates this
field. This vulnerability is similar to VIGILANCE-VUL-8908
(https://vigilance.fr/tree/1/8908), even if the vulnerable source
code is different.
An attacker can therefore invite the victim to connect to a SSL
site using a X.509 certificate with a field containing a null
character, in order to deceive the victim.
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-8996
– Url: http://vigilance.fr/vulnerability/OpenLDAP-X-509-troncated-with-null-8996