[Help-gnutls] Re: GnuTLS 2.8.2

Simon Josefsson simon at josefsson.org
Wed Aug 12 10:54:34 CEST 2009

Jeff Cai <Jeff.Cai at Sun.COM> writes:

>> What's New
>> ==========
>> ** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
>> By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
>> into 1) not printing the entire CN/SAN field value when printing a
>> certificate and 2) causing incorrect positive matches when matching a
>> hostname against a certificate.  Some CAs apparently have poor
>> checking of CN/SAN values and issue these (arguably invalid)
>> certificates.  Combined, this can be used by attackers to become a
>> MITM on server-authenticated TLS sessions.  The problem is mitigated
>> since attackers need to get one certificate per site they want to
>> attack, and the attacker reveals his tracks by applying for a
>> certificate at the CA.  It does not apply to client authenticated TLS
>> sessions.  Research presented independently by Dan Kaminsky and Moxie
>> Marlinspike at BlackHat09.  Thanks to Tomas Hoger <thoger at redhat.com>
>> for providing one part of the patch.  [GNUTLS-SA-2009-4].
> How is it affecting old versions of gnutls like 2.6 and 2.4? Do they
> also need a patch applied if not upgrading them?

Yes.  I believe all earlier versions are affected.
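
The hostname-matching and printing problem described in the quoted announcement, as an added example (not part of the original message, and not GnuTLS's own code or patch). The function names and the placeholder domain names are assumptions made for illustration; the sample CN bytes are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: raw CN bytes as stored in the certificate. The ASN.1
   string carries its own length, so it can contain a NUL byte. */
static const unsigned char sample_cn[] = "www.bank.example\0.attacker.example";
#define SAMPLE_CN_LEN (sizeof(sample_cn) - 1)

/* Case-insensitive comparison of exactly n bytes. */
static int ci_equal(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Behaviour the announcement describes: the field is treated as a C string,
   so everything after the first NUL is ignored. */
int match_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    size_t seen = strlen((const char *)cn);   /* stops at the first NUL */
    (void)cn_len;                             /* certificate length unused */
    return seen == strlen(host) && ci_equal(cn, host, seen);
}

/* Length-aware check: a name with an embedded NUL never matches, and the
   comparison covers all cn_len bytes of the field. */
int match_checked(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;
    return cn_len == strlen(host) && ci_equal(cn, host, cn_len);
}

/* Printing side of the bug: bytes a C-string printer would display. */
size_t visible_len(const unsigned char *cn, size_t cn_len)
{
    const unsigned char *nul = memchr(cn, '\0', cn_len);
    return nul ? (size_t)(nul - cn) : cn_len;
}

int main(void)
{
    printf("naive=%d checked=%d shown=%zu of %zu bytes\n",
           match_naive(sample_cn, SAMPLE_CN_LEN, "www.bank.example"),
           match_checked(sample_cn, SAMPLE_CN_LEN, "www.bank.example"),
           visible_len(sample_cn, SAMPLE_CN_LEN), SAMPLE_CN_LEN);
    return 0;
}
```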

