CVE-2009-2730

Severity: high

Description

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

References

http://article.gmane.org/gmane.network.gnutls.general/1733

http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html

http://secunia.com/advisories/36266

http://secunia.com/advisories/36496

http://www.openwall.com/lists/oss-security/2009/08/14/6

http://www.redhat.com/support/errata/RHSA-2009-1232.html

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securitytracker.com/id?1022777

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/52404

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409

https://rhn.redhat.com/errata/RHSA-2010-0095.html

Details

Source: MITRE

Published: 2009-08-12

Updated: 2018-10-10

Type: CWE-310

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* versions up to 2.8.1 (inclusive)

Tenable Plugins

20 plugins total.

ID | Name | Product | Family | Severity
67916 | Oracle Linux 4 / 5 : gnutls (ELSA-2009-1232) | Nessus | Oracle Linux Local Security Checks | high
60647 | Scientific Linux Security Update : gnutls on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high
59671 | GLSA-201206-18 : GnuTLS: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
56458 | GLSA-201110-05 : GnuTLS: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
44800 | Debian DSA-1935-1 : gnutls13 gnutls26 - several vulnerabilities | Nessus | Debian Local Security Checks | high
44618 | openSUSE Security Update : gnutls (gnutls-1938) | Nessus | SuSE Local Security Checks | high
42994 | Mandriva Linux Security Advisory : gnutls (MDVSA-2009:308) | Nessus | Mandriva Local Security Checks | high
42168 | Slackware 12.1 / 12.2 / 13.0 / current : gnutls (SSA:2009-290-01) | Nessus | Slackware Local Security Checks | high
42002 | openSUSE 10 Security Update : gnutls (gnutls-6471) | Nessus | SuSE Local Security Checks | high
41629 | Fedora 10 : gnutls-2.4.2-5.fc10 (2009-8622) | Nessus | Fedora Local Security Checks | high
41628 | Fedora 11 : gnutls-2.6.6-3.fc11 (2009-8565) | Nessus | Fedora Local Security Checks | high
41399 | SuSE 11 Security Update : GnuTLS (SAT Patch Number 1260) | Nessus | SuSE Local Security Checks | high
41323 | SuSE9 Security Update : GnuTLS (YOU Patch Number 12501) | Nessus | SuSE Local Security Checks | high
40904 | openSUSE Security Update : gnutls (gnutls-1259) | Nessus | SuSE Local Security Checks | high
40903 | openSUSE Security Update : gnutls (gnutls-1259) | Nessus | SuSE Local Security Checks | high
40782 | RHEL 4 / 5 : gnutls (RHSA-2009:1232) | Nessus | Red Hat Local Security Checks | high
40779 | CentOS 4 / 5 : gnutls (CESA-2009:1232) | Nessus | CentOS Local Security Checks | high
40695 | Mandriva Linux Security Advisory : gnutls (MDVSA-2009:210) | Nessus | Mandriva Local Security Checks | high
40659 | FreeBSD : GnuTLS -- improper SSL certificate verification (856a6f84-8b30-11de-8062-00e0815b8da8) | Nessus | FreeBSD Local Security Checks | high
40656 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : gnutls12, gnutls13, gnutls26 vulnerabilities (USN-809-1) | Nessus | Ubuntu Local Security Checks | high