oss-sec mailing list archives
CVE Request: libesmtp does not check NULL bytes in commonName
From: Kees Cook <kees () ubuntu com>
Date: Wed, 3 Mar 2010 13:58:45 -0800
Hello, I just noticed that libesmtp does not appear to handle NULL-byte CNs, as seen with the original browser-based issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 Related to this are failures in wildcard handling: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311191 and CN-specificity: https://bugzilla.redhat.com/show_bug.cgi?id=510202 Though it may be a non-issue if TLS doesn't function at all: http://bugs.gentoo.org/213066 -Kees -- Kees Cook Ubuntu Security Team
Current thread:
- CVE Request: libesmtp does not check NULL bytes in commonName Kees Cook (Mar 03)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Jan Lieskovsky (Mar 09)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 10)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 10)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 15)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 10)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Jan Lieskovsky (Mar 09)