oss-sec mailing list archives

CVE Request: libesmtp does not check NULL bytes in commonName

From: Kees Cook <kees () ubuntu com>
Date: Wed, 3 Mar 2010 13:58:45 -0800

Hello,

I just noticed that libesmtp does not appear to handle NULL-byte CNs, as
seen with the original browser-based issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408

Related to this are failures in wildcard handling:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311191
and CN-specificity:
 https://bugzilla.redhat.com/show_bug.cgi?id=510202

Though it may be a non-issue if TLS doesn't function at all:
 http://bugs.gentoo.org/213066

-Kees

-- 
Kees Cook
Ubuntu Security Team

Current thread:

CVE Request: libesmtp does not check NULL bytes in commonName Kees Cook (Mar 03)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Jan Lieskovsky (Mar 09)
  - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 10)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 10)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 11)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 11)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 11)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 11)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 15)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)

(Thread continues...)