CVE-2009-2417
published 2009-08-14
Priority P336 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.60% (88.0th percentile)
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Affected
84 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| curl | libcurl | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 5.9 MEDIUM
vendor_ubuntu · 7.5 HIGH
vendor_debian · 5.9 MEDIUM
vendor_redhat · 5.9 MEDIUM
Ubuntu
curl vulnerabilities
vendor_ubuntu·2011-06-24·CVSS 7.5
CVE-2009-2417 [HIGH] curl vulnerabilities
Title: curl vulnerabilities
Summary: Multiple vulnerabilities in curl.
Richard Silverman discovered that when doing GSSAPI authentication,
libcurl unconditionally performs credential delegation, handing the
server a copy of the client's security credential. (CVE-2011-2192)

Wesley Miaw discovered that when zlib is enabled, libcurl does not
properly restrict the amount of callback data sent to an application
that requests automatic decompression. This might allow an attacker to
cause a denial of service via an application crash or possibly execute
arbitrary code with the privilege of the application. This issue only
affected Ubuntu 8.04 LTS and Ubuntu 10.04 LTS. (CVE-2010-0734)

USN 818-1 fixed an issue with curl's handling of SSL certificates with
zero bytes in the Common Name. Due to a
VMware
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
vendor_vmware·2009-11-20·CVSS 5.0
CVE-2007-2052 [MEDIUM] VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
VMSA-2009-0016: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-
Ubuntu
curl vulnerability
vendor_ubuntu·2009-08-17
CVE-2009-2417 curl vulnerability
Title: curl vulnerability
Summary: curl vulnerability
Scott Cantor discovered that Curl did not correctly handle SSL
certificates with zero bytes in the Common Name. A remote attacker could
exploit this to perform a machine-in-the-middle attack to view sensitive
information or alter encrypted communications.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
curl: incorrect verification of SSL certificate with NUL in name
vendor_redhat·2009-08-12·CVSS 5.9
CVE-2009-2417 [MEDIUM] curl: incorrect verification of SSL certificate with NUL in name
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Debian
CVE-2009-2417: curl - lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does ...
vendor_debian·2009·CVSS 5.9
CVE-2009-2417 [MEDIUM] CVE-2009-2417: curl - lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does ...
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Scope: local
bookworm: resolved (fixed in 7.19.5-1.1)
bullseye: resolved (fixed in 7.19.5-1.1)
forky: resolved (fixed in 7.19.5-1.1)
sid: resolved (fixed in 7.19.5-1.1)
trixie: resolved (fixed in 7.19.5-1.1)
GHSA
GHSA-c74q-xg62-9cwm: lib/ssluse
ghsa_unreviewed·2022-05-02·CVSS 5.9
CVE-2009-2417 [MEDIUM] GHSA-c74q-xg62-9cwm: lib/ssluse
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
OSV
CVE-2009-2417: lib/ssluse
osv·2009-08-14·CVSS 5.9
CVE-2009-2417 [MEDIUM] CVE-2009-2417: lib/ssluse
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-2417 curl: incorrect verification of SSL certificate with NUL in name
bugzilla·2009-08-07·CVSS 7.5
CVE-2009-2417 [HIGH] CVE-2009-2417 curl: incorrect verification of SSL certificate with NUL in name
A method to bypass SSL certificate name vs. host name verification via NUL ('\0') character embedded in X509 certificate's CommonName or subjectAltName was presented at Black Hat USA 2009:
http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike
This flaw also affects curl built with OpenSSL crypto library (problem can also affect curl using unpatched versions of NSS or GnuTLS libraries, though updating those libraries to patched versions is sufficient to protect curl versions linked against those libraries).
Upstream advisory:
http://curl.haxx.se/docs/adv_20090812.txt
Upstream patch:
http://cool.haxx.se/cvs.cgi/curl/lib/ssluse.c.diff?r1=1.230&r2=1.235
(minus sni changes from r1.232)
Bugzilla
CVE-2009-0482 bugzilla: CSRF vuln via process_bug.cgi
bugzilla·2009-02-10·CVSS 5.8
CVE-2009-0482 [MEDIUM] CVE-2009-0482 bugzilla: CSRF vuln via process_bug.cgi
Name: CVE-2009-0482
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0482
Assigned: 20090209
Reference: CONFIRM: http://www.bugzilla.org/security/2.22.6/
Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2
before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows
remote attackers to perform bug updating activities as other users via
a link or IMG tag to process_bug.cgi.
Discussion:
Fixed via:
https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2417
https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2418
---
bugzilla-3.2.2-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
---
bugzilla-3.2.2-2.fc10 has be
http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch
http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch
http://curl.haxx.se/docs/adv_20090812.txt
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://secunia.com/advisories/36238
http://secunia.com/advisories/36475
http://secunia.com/advisories/37471
http://secunia.com/advisories/45047
http://shibboleth.internet2.edu/secadv/secadv_20090817.txt
http://support.apple.com/kb/HT4077
http://wiki.rpath.com/Advisories:rPSA-2009-0124
http://www.securityfocus.com/archive/1/506055/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/36032
http://www.ubuntu.com/usn/USN-1158-1
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/2263
http://www.vupen.com/english/advisories/2009/3316
https://exchange.xforce.ibmcloud.com/vulnerabilities/52405
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542