exploits , vulnerabilities , articles , OpenLDAP X.509 Certificate NULL Character Certificate Validation Security Bypass Vulnerability

Title	OpenLDAP X.509 Certificate NULL Character Certificate Validation Security Bypass Vulnerability
Published	2009-09-03-12:00AM
Updated	2009-10-28-06:07PM
Class	Design Error
CVE
Remote	Yes
Local	No
Credit	Joe Orton
Vulnerable	OpenLDAP OpenLDAP 2.4.3 OpenLDAP OpenLDAP 2.4.2 OpenLDAP OpenLDAP 2.4.1 OpenLDAP OpenLDAP 2.4 OpenLDAP OpenLDAP 2.3.41 OpenLDAP OpenLDAP 2.3.40 OpenLDAP OpenLDAP 2.3.39 Trustix Secure Linux 1.5 Trustix Secure Linux 1.2 Trustix Secure Linux 1.1 OpenLDAP OpenLDAP 2.3.27 OpenLDAP OpenLDAP 2.3.25 OpenLDAP OpenLDAP 2.3.6 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.1 OpenLDAP OpenLDAP 2.2.29 OpenLDAP OpenLDAP 2.2.26 S.u.S.E. Linux 8.1 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 OpenLDAP OpenLDAP 2.2.15 S.u.S.E. Linux 8.1 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 OpenLDAP OpenLDAP 2.2.6 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.1 OpenLDAP OpenLDAP 2.1.30 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 Ubuntu Ubuntu Linux 4.1 ia32 OpenLDAP OpenLDAP 2.1.25 Trustix Secure Enterprise Linux 2.0 Trustix Secure Enterprise Linux 2.0 Trustix Secure Linux 2.2 Trustix Secure Linux 2.1 Trustix Secure Linux 2.1 OpenLDAP OpenLDAP 2.1.22 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 9.0 OpenLDAP OpenLDAP 2.1.19 OpenLDAP OpenLDAP 2.1.18 OpenLDAP OpenLDAP 2.1.17 OpenLDAP OpenLDAP 2.1.16 Conectiva Linux 9.0 OpenLDAP OpenLDAP 2.1.15 OpenLDAP OpenLDAP 2.1.14 OpenLDAP OpenLDAP 2.1.13 OpenLDAP OpenLDAP 2.1.12 S.u.S.E. Linux Personal 8.2 OpenLDAP OpenLDAP 2.1.11 OpenLDAP OpenLDAP 2.1.10 OpenLDAP OpenLDAP 2.1.4 Conectiva Linux Enterprise Edition 1.0 OpenLDAP OpenLDAP 2.1 .20 OpenLDAP OpenLDAP 2.0.27 OpenLDAP OpenLDAP 2.0.25 Conectiva Linux 8.0 Conectiva Linux 8.0 Gentoo Linux 1.4 _rc1 Gentoo Linux 1.4 _rc1 Gentoo Linux 1.2 Gentoo Linux 1.2 MandrakeSoft Linux Mandrake 9.0 RedHat Linux 8.0 i386 RedHat Linux 8.0 i386 RedHat Linux 8.0 RedHat Linux 8.0 OpenLDAP OpenLDAP 2.0.23 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 m68k Debian Linux 3.0 ia64 Debian Linux 3.0 ia64 Debian Linux 3.0 ia32 Debian Linux 3.0 ia32 Debian Linux 3.0 hppa Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 alpha Debian Linux 3.0 Debian Linux 3.0 RedHat Linux 7.3 i386 RedHat Linux 7.3 i386 RedHat Linux 7.3 RedHat Linux 7.3 S.u.S.E. Linux 8.0 S.u.S.E. Linux 8.0 OpenLDAP OpenLDAP 2.0.22 OpenLDAP OpenLDAP 2.0.21 Conectiva Linux 7.0 Conectiva Linux 7.0 Conectiva Linux 6.0 Conectiva Linux 6.0 MandrakeSoft Linux Mandrake 8.2 ppc MandrakeSoft Linux Mandrake 8.2 MandrakeSoft Linux Mandrake 8.2 OpenLDAP OpenLDAP 2.0.20 OpenLDAP OpenLDAP 2.0.19 Conectiva Linux 7.0 Conectiva Linux 6.0 Conectiva Linux 6.0 OpenLDAP OpenLDAP 2.0.18 Conectiva Linux 7.0 Conectiva Linux 6.0 Conectiva Linux 6.0 OpenLDAP OpenLDAP 2.0.17 Conectiva Linux 7.0 Conectiva Linux 6.0 Conectiva Linux 6.0 OpenLDAP OpenLDAP 2.0.16 OpenLDAP OpenLDAP 2.0.15 Conectiva Linux 7.0 Conectiva Linux 6.0 Conectiva Linux 6.0 OpenLDAP OpenLDAP 2.0.14 MandrakeSoft Linux Mandrake 8.1 ia64 MandrakeSoft Linux Mandrake 8.1 MandrakeSoft Linux Mandrake 8.1 MandrakeSoft Linux Mandrake 8.0 ppc MandrakeSoft Linux Mandrake 8.0 OpenLDAP OpenLDAP 2.0.13 OpenLDAP OpenLDAP 2.0.12 S.u.S.E. Linux 7.3 sparc S.u.S.E. Linux 7.3 sparc S.u.S.E. Linux 7.3 ppc S.u.S.E. Linux 7.3 S.u.S.E. Linux 7.3 OpenLDAP OpenLDAP 2.0.11 9 Caldera OpenLinux Server 3.1.1 Caldera OpenLinux Server 3.1.1 Caldera OpenLinux Workstation 3.1.1 OpenLDAP OpenLDAP 2.0.11 11S Caldera OpenLinux eBuilder 3.0 Caldera OpenLinux eBuilder 3.0 SCO eServer 2.3.1 OpenLDAP OpenLDAP 2.0.11 11 Caldera OpenLinux 3.1 IA64 Caldera OpenLinux Server 3.1.1 Caldera OpenLinux Server 3.1.1 Caldera OpenLinux Server 3.1 Caldera OpenLinux Server 3.1 Caldera OpenLinux Workstation 3.1.1 Caldera OpenLinux Workstation 3.1.1 Caldera OpenLinux Workstation 3.1 Caldera OpenLinux Workstation 3.1 OpenLDAP OpenLDAP 2.0.11 Caldera OpenLinux Server 3.1.1 Caldera OpenLinux Server 3.1.1 Caldera OpenLinux Workstation 3.1.1 Conectiva Linux 7.0 Conectiva Linux 7.0 Conectiva Linux 6.0 Conectiva Linux 6.0 HP Secure OS software for Linux 1.0 HP Secure OS software for Linux 1.0 RedHat Linux 7.2 ia64 RedHat Linux 7.2 ia64 RedHat Linux 7.2 i386 RedHat Linux 7.2 i386 RedHat Linux 7.2 alpha RedHat Linux 7.2 alpha RedHat Linux 7.2 RedHat Linux 7.2 RedHat Linux 7.1 ia64 RedHat Linux 7.1 i386 RedHat Linux 7.1 S.u.S.E. Linux 7.2 S.u.S.E. Linux 7.2 S.u.S.E. Linux 7.1 sparc S.u.S.E. Linux 7.1 sparc S.u.S.E. Linux 7.1 ppc S.u.S.E. Linux 7.1 ppc S.u.S.E. Linux 7.1 alpha S.u.S.E. Linux 7.1 alpha S.u.S.E. Linux 7.1 S.u.S.E. Linux 7.1 OpenLDAP OpenLDAP 2.0.10 OpenLDAP OpenLDAP 2.0.9 OpenLDAP OpenLDAP 2.0.8 OpenLDAP OpenLDAP 2.0.7 Caldera OpenLinux 3.1 IA64 Caldera OpenLinux eBuilder 3.0 Caldera OpenLinux eBuilder 3.0 Caldera OpenLinux Server 3.1 Caldera OpenLinux Server 3.1 Caldera OpenLinux Workstation 3.1 Caldera OpenLinux Workstation 3.1 HP Secure OS software for Linux 1.0 HP Secure OS software for Linux 1.0 MandrakeSoft Linux Mandrake 8.0 ppc MandrakeSoft Linux Mandrake 8.0 ppc MandrakeSoft Linux Mandrake 8.0 MandrakeSoft Linux Mandrake 8.0 RedHat Linux 7.1 ia64 RedHat Linux 7.1 ia64 RedHat Linux 7.1 i386 RedHat Linux 7.1 i386 RedHat Linux 7.1 alpha RedHat Linux 7.1 alpha RedHat Linux 7.1 RedHat Linux 7.1 SCO eServer 2.3.1 SCO eServer 2.3.1 OpenLDAP OpenLDAP 2.0.6 OpenLDAP OpenLDAP 2.0.5 OpenLDAP OpenLDAP 2.0.4 OpenLDAP OpenLDAP 2.0.3 OpenLDAP OpenLDAP 2.0.2 OpenLDAP OpenLDAP 2.0.1 OpenLDAP OpenLDAP 2.3.28E1.0.0 OpenLDAP OpenLDAP 2.3.2820061022 OpenLDAP OpenLDAP 2.3.282.20061022 OpenLDAP OpenLDAP 2.3.272.20061018
Not Vulnerable
Code	Attackers use man-in-the-middle attacks to exploit this issue.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-11-26 ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
• 2009-11-26 America Online ICQ ActiveX Control Remote Code Execution Vulnerability
• 2009-11-26 Novell eDirectory iMonitor HTTPSTK Buffer Overflow Vulnerability
• 2009-11-25 Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
• 2009-11-25 XM Easy Personal FTP Server File/Folder Remote Denial of Service Vulnerability
• 2009-11-25 Subscribe to Comments Prior to 2.1 Multiple Unspecified Cross Site Scripting Vulnerabilities
• 2009-11-25 Mozilla Firefox CVE-2009-3383 Multiple Remote Memory Corruption Vulnerabilities
• 2009-11-24 Subscribe to Comments WordPress Plugin Multiple Unspecified Input Validation Vulnerabilities
• 2009-11-24 RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
• 2009-11-24 Cacti Multiple HTML Injection Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sat, 28 Nov 2009 13:34:54 +0000