CVE-2009-2730

EUVD-2009-2721
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
gnugnutls
𝑥
≤ 2.8.1
gnugnutls
1.0.16
gnugnutls
1.0.17
gnugnutls
1.0.18
gnugnutls
1.0.19
gnugnutls
1.0.20
gnugnutls
1.0.21
gnugnutls
1.0.22
gnugnutls
1.0.23
gnugnutls
1.0.24
gnugnutls
1.0.25
gnugnutls
1.1.13
gnugnutls
1.1.14
gnugnutls
1.1.15
gnugnutls
1.1.16
gnugnutls
1.1.17
gnugnutls
1.1.18
gnugnutls
1.1.19
gnugnutls
1.1.20
gnugnutls
1.1.21
gnugnutls
1.1.22
gnugnutls
1.1.23
gnugnutls
1.2.0
gnugnutls
1.2.1
gnugnutls
1.2.2
gnugnutls
1.2.3
gnugnutls
1.2.4
gnugnutls
1.2.5
gnugnutls
1.2.6
gnugnutls
1.2.7
gnugnutls
1.2.8
gnugnutls
1.2.8.1a1:a1
gnugnutls
1.2.9
gnugnutls
1.2.10
gnugnutls
1.2.11
gnugnutls
1.3.0
gnugnutls
1.3.1
gnugnutls
1.3.2
gnugnutls
1.3.3
gnugnutls
1.3.4
gnugnutls
1.3.5
gnugnutls
1.4.0
gnugnutls
1.4.1
gnugnutls
1.4.2
gnugnutls
1.4.3
gnugnutls
1.4.4
gnugnutls
1.4.5
gnugnutls
1.5.0
gnugnutls
1.5.1
gnugnutls
1.5.2
gnugnutls
1.5.3
gnugnutls
1.5.4
gnugnutls
1.5.5
gnugnutls
1.6.0
gnugnutls
1.6.1
gnugnutls
1.6.2
gnugnutls
1.6.3
gnugnutls
1.7.0
gnugnutls
1.7.1
gnugnutls
1.7.2
gnugnutls
1.7.3
gnugnutls
1.7.4
gnugnutls
1.7.5
gnugnutls
1.7.6
gnugnutls
1.7.7
gnugnutls
1.7.8
gnugnutls
1.7.9
gnugnutls
1.7.10
gnugnutls
1.7.11
gnugnutls
1.7.12
gnugnutls
1.7.13
gnugnutls
1.7.14
gnugnutls
1.7.15
gnugnutls
1.7.16
gnugnutls
1.7.17
gnugnutls
1.7.18
gnugnutls
1.7.19
gnugnutls
2.0.0
gnugnutls
2.0.1
gnugnutls
2.0.2
gnugnutls
2.0.3
gnugnutls
2.0.4
gnugnutls
2.1.0
gnugnutls
2.1.1
gnugnutls
2.1.2
gnugnutls
2.1.3
gnugnutls
2.1.4
gnugnutls
2.1.5
gnugnutls
2.1.6
gnugnutls
2.1.7
gnugnutls
2.1.8
gnugnutls
2.2.0
gnugnutls
2.2.1
gnugnutls
2.2.2
gnugnutls
2.2.3
gnugnutls
2.2.4
gnugnutls
2.2.5
gnugnutls
2.3.0
gnugnutls
2.3.1
gnugnutls
2.3.2
gnugnutls
2.3.3
gnugnutls
2.3.4
gnugnutls
2.3.5
gnugnutls
2.3.6
gnugnutls
2.3.7
gnugnutls
2.3.8
gnugnutls
2.3.9
gnugnutls
2.3.10
gnugnutls
2.3.11
gnugnutls
2.4.0
gnugnutls
2.4.1
gnugnutls
2.4.2
gnugnutls
2.5.0
gnugnutls
2.6.0
gnugnutls
2.6.1
gnugnutls
2.6.2
gnugnutls
2.6.3
gnugnutls
2.6.4
gnugnutls
2.6.5
gnugnutls
2.6.6
gnugnutls
2.8.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnutls11
dapper
ignored
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
gnutls12
dapper
Fixed 1.2.9-2ubuntu1.7
released
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
gnutls13
dapper
dne
hardy
Fixed 2.0.4-1ubuntu2.6
released
intrepid
dne
jaunty
dne
karmic
dne
gnutls26
dapper
dne
hardy
dne
intrepid
Fixed 2.4.1-1ubuntu0.4
released
jaunty
Fixed 2.4.2-6ubuntu0.1
released
karmic
Fixed 2.6.6-1ubuntu1
released
Common Weakness Enumeration
References
http://article.gmane.org/gmane.network.gnutls.general/1733
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://secunia.com/advisories/36266
http://secunia.com/advisories/36496
http://www.openwall.com/lists/oss-security/2009/08/14/6
http://www.redhat.com/support/errata/RHSA-2009-1232.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securitytracker.com/id?1022777
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/52404
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://article.gmane.org/gmane.network.gnutls.general/1733
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://secunia.com/advisories/36266
http://secunia.com/advisories/36496
http://www.openwall.com/lists/oss-security/2009/08/14/6
http://www.redhat.com/support/errata/RHSA-2009-1232.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securitytracker.com/id?1022777
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/52404
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409
https://rhn.redhat.com/errata/RHSA-2010-0095.html