[Help-gnutls] Re: GnuTLS 2.8.2
simon at josefsson.org
Wed Aug 12 10:54:34 CEST 2009
Jeff Cai <Jeff.Cai at Sun.COM> writes:
>> What's New
>> ** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
>> By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
>> into 1) not printing the entire CN/SAN field value when printing a
>> certificate and 2) cause incorrect positive matches when matching a
>> hostname against a certificate. Some CAs apparently have poor
>> checking of CN/SAN values and issue these (arguable invalid)
>> certificates. Combined, this can be used by attackers to become a
>> MITM on server-authenticated TLS sessions. The problem is mitigated
>> since attackers needs to get one certificate per site they want to
>> attack, and the attacker reveals his tracks by applying for a
>> certificate at the CA. It does not apply to client authenticated TLS
>> sessions. Research presented independently by Dan Kaminsky and Moxie
>> Marlinspike at BlackHat09. Thanks to Tomas Hoger <thoger at redhat.com>
>> for providing one part of the patch. [GNUTLS-SA-2009-4].
> How is it affecting old versions of gnutls like 2.6 and 2.4? Do they
> also need a patch applied if not upgrading them?
Yes. I believe all earlier versions are affected.
More information about the Gnutls-help