FreeBSD : serf -- SSL Certificate Null Byte Poisoning (69048656-2187-11e4-802c-20cf30e32f6d)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

serf Development list reports :

Serf provides APIs to retrieve information about a certificate. These
APIs return the information as NUL terminated strings (commonly called
C strings). X.509 uses counted length strings which may include a NUL
byte. This means that a library user will interpret any information as
ending upon seeing this NUL byte and will only see a partial value for
that field.

Attackers could exploit this vulnerability to create a certificate
that a client will accept for a different hostname than the full
certificate is actually for by embedding a NUL byte in the
certificate.

This can lead to a man-in-the-middle attack. There are no known
instances of this problem being exploited in the wild, and in practice
it should be difficult to actually exploit this vulnerability.
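As an added example (not serf's own code), the C snippet below shows the mismatch the advisory describes: a check that treats the certificate name field as a NUL-terminated C string stops at the embedded NUL and sees only the first hostname, while a check that honours the X.509 counted length and rejects embedded NUL bytes sees the whole field. The cert_name_t struct and the sample field values are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A certificate name field as X.509 carries it: a counted byte string
 * that may contain any byte, including NUL (constructed for this example). */
typedef struct {
    const unsigned char *data;
    size_t len;
} cert_name_t;

/* Flawed check: treats the field as a C string, so the comparison stops
 * at the first NUL byte and never examines the remainder of the field. */
bool name_matches_cstring(const cert_name_t *name, const char *expected)
{
    return strcmp((const char *)name->data, expected) == 0;
}

/* Hardened check: a legitimate hostname never contains a NUL byte, so an
 * embedded NUL is rejected outright, and the full counted length must match. */
bool name_matches_counted(const cert_name_t *name, const char *expected)
{
    size_t elen = strlen(expected);
    if (memchr(name->data, '\0', name->len) != NULL)
        return false;                        /* embedded NUL: reject */
    if (name->len != elen)
        return false;                        /* length mismatch: reject */
    return memcmp(name->data, expected, elen) == 0;
}

/* Constructed crafted field: "www.example.com", a NUL byte, then a second
 * hostname. The counted length covers all 28 bytes. */
static const unsigned char crafted[] = "www.example.com\0.example.net";
static const cert_name_t crafted_name = { crafted, sizeof(crafted) - 1 };

/* Constructed honest field for comparison (15 bytes, no NUL). */
static const unsigned char honest[] = "www.example.com";
static const cert_name_t honest_name = { honest, sizeof(honest) - 1 };

int main(void)
{
    const char *host = "www.example.com";
    printf("crafted, C-string check : %d\n", name_matches_cstring(&crafted_name, host));
    printf("crafted, counted check  : %d\n", name_matches_counted(&crafted_name, host));
    printf("honest,  counted check  : %d\n", name_matches_counted(&honest_name, host));
    return 0;
}
```

The C-string check accepts the crafted field as a valid name for www.example.com; the counted check rejects it while still accepting the honest field.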

See also :

http://www.nessus.org/u?9680c22f

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 77124

Bugtraq ID:

CVE ID: CVE-2014-3504
