Bug#541439: CVE-2009-2730: does not properly handle a '\0' character

Andreas Metzler ametzler at downhill.at.eu.org
Sat Aug 15 12:20:56 UTC 2009

On 2009-08-14 Giuseppe Iuculano <giuseppe at iuculano.it> wrote:
> Package: gnutls26
> Severity: serious
> Tags: security

> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for gnutls26.

> CVE-2009-2730[0]:
> | libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0'
> | character in a domain name in the subject's (1) Common Name (CN) or
> | (2) Subject Alternative Name (SAN) field of an X.509 certificate,
> | which allows man-in-the-middle attackers to spoof arbitrary SSL
> | servers via a crafted certificate issued by a legitimate Certification
> | Authority.

> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.

> Could you check if gnutls13 is affected please?

> For further information see:

> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2730
>     http://security-tracker.debian.net/tracker/CVE-2009-2730

> Cheers,
> Giuseppe.

Jamie Strandboge has generated patches for older versions of gnutls
and posted them in 

The patch for 2.4.x applies cleanly to the lenny release and seems to
fix the issue. - None of these apply to the etch-version, though.
cu andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Pkg-gnutls-maint mailing list