Vigil@nce: Firefox, NSPR, NSS, X.509 troncated with null
August 2009 by Vigil@nce
An attacker can invite the victim to connect to a SSL site using a
X.509 certificate with a Common Name containing a null character,
in order to deceive the victim.
Severity: 2/4
Consequences: data reading
Provenance: internet server
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 31/07/2009
IMPACTED PRODUCTS
– Mozilla Firefox
– Red Hat Enterprise Linux
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The null character (’\0’) is used as a string terminator.
When the Common Name of a X.509 certificate contains a null
character, the string is truncated by some software based on
NSPR/NSS (such as Firefox), and the victim may be lured to think
he’s on a trusted site.
An attacker can therefore invite the victim to connect to a SSL
site using a X.509 certificate with a Common Name containing a
null character, in order to deceive the victim.
CHARACTERISTICS
Identifiers: 510251, BID-35888, CVE-2009-2408, MFSA 2009-42, MFSA
2009-43, RHSA-2009:1184-01, RHSA-2009:1186-01, RHSA-2009:1190-01,
VIGILANCE-VUL-8908
Pointed by: VIGILANCE-ACTU-1847, VIGILANCE-VUL-8906,
VIGILANCE-VUL-8913, VIGILANCE-VUL-8919
http://vigilance.fr/vulnerability/Firefox-NSPR-NSS-X-509-troncated-with-null-8908