CVE-2009-3767 — Improper Certificate Validation in Openldap

CWE-295 — Improper Certificate Validation CWE-297 — Improper Validation of Certificate with Host Mismatch9 documents9 sources

Severity

4.3MEDIUMNVD

OSV5.9

EPSS

2.2%

top 15.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openldap Apple MAC OS X Debian Openldap +3 more

Timeline

PublishedOct 23

Latest updateMay 2

Description

libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages6 packages

▶debiandebian/openldap< openldap 2.4.17-2.1 (bookworm)

▶NVDopenldap/openldap< 2.4.18

▶Debianopenldap/openldap< 2.4.17-2.1+3

▶NVDapple/mac_os_x< 10.6.2

▶msrcmsrc/cbl_mariner_1.0_arm

Also affects: Fedora 11

Patches

Patch: www.openldap.org ↗Patch: www.openldap.org ↗

🔴Vulnerability Details

GHSA

GHSA-hc4m-gmh3-4vxp: libraries/libldap/tls_o↗2022-05-02

▶

OSV

CVE-2009-3767: libraries/libldap/tls_o↗2009-10-23

▶

📋Vendor Advisories

Microsoft

CVE-2009-3767: NIST NVD Details: https://nvd↗2020-09-08

▶

Ubuntu

OpenLDAP vulnerability↗2009-11-12

▶

Red Hat

OpenLDAP: Doesn't properly handle NULL character in subject Common Name↗2009-08-10

▶

Debian

CVE-2009-3767: openldap - libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, ...↗2009

▶

📐Framework References

CWE

Improper Validation of Certificate with Host Mismatch↗

▶

💬Community

Bugzilla

CVE-2009-3767 OpenLDAP: Doesn't properly handle NULL character in subject Common Name↗2009-10-24

▶