[Secure-testing-team] Bug#549293: CVE-2009-3490: does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate
Giuseppe Iuculano
giuseppe at iuculano.it
Fri Oct 2 07:39:59 UTC 2009
Package: wget
Version: 1.11.4-4
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wget.
CVE-2009-3490[0]:
| GNU Wget before 1.12 does not properly handle a '\0' character in a
| domain name in the Common Name field of an X.509 certificate, which
| allows man-in-the-middle remote attackers to spoof arbitrary SSL
| servers via a crafted certificate issued by a legitimate Certification
| Authority, a related issue to CVE-2009-2408.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3490
http://security-tracker.debian.net/tracker/CVE-2009-3490
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrFrkwACgkQNxpp46476aqi+gCePfmrLdxhk/yebah+M5rMO0uC
P3oAn3EA9CZ+IdC2g0Da3eIlIKLEtT8Q
=346W
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list