CVE-2009-2417 - Cryptographic Issues vulnerability in multiple products

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, low complexity, curl, libcurl, CWE-310, nessus

Summary

lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Vulnerable Configurations

Part         Description  Count
Application  Curl         60
Application  Libcurl      14

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-203.NASL
    description: A vulnerability has been found and corrected in curl : lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40597
    published: 2009-08-17
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40597
    title: Mandriva Linux Security Advisory : curl (MDVSA-2009:203-1)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2009:203. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40597);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:52");
    
      script_cve_id("CVE-2009-2417");
      script_bugtraq_id(36032);
      script_xref(name:"MDVSA", value:"2009:203-1");
    
      script_name(english:"Mandriva Linux Security Advisory : curl (MDVSA-2009:203-1)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability has been found and corrected in curl :
    
    lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is
    used, does not properly handle a '\0' character in a domain name in
    the subject's Common Name (CN) field of an X.509 certificate, which
    allows man-in-the-middle attackers to spoof arbitrary SSL servers via
    a crafted certificate issued by a legitimate Certification Authority,
    a related issue to CVE-2009-2408 (CVE-2009-2417).
    
    This update provides a solution to this vulnerability.
    
    Update :
    
    Packages for 2008.0 are provided for Corporate Desktop 2008.0
    customers"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64curl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64curl4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcurl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcurl4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2008.0", reference:"curl-7.16.4-2.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64curl-devel-7.16.4-2.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64curl4-7.16.4-2.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libcurl-devel-7.16.4-2.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libcurl4-7.16.4-2.2mdv2008.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_CURL-090807.NASL
    description: This update of libcurl2 fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man-in-the-middle-attack. (CVE-2009-2417)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41379
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41379
    title: SuSE 11 Security Update : curl (SAT Patch Number 1173)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41379);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:35");
    
      script_cve_id("CVE-2009-2417");
    
      script_name(english:"SuSE 11 Security Update : curl (SAT Patch Number 1173)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of libcurl2 fixes the 0-character handling in the subject
    name of a SSL certificate. This bug could be used to execute an
    undetected man-in-the-middle-attack. (CVE-2009-2417)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=527990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-2417.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 1173.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_cwe_id(310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:keyutils-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:keyutils-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libcurl4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libcurl4-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libidn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libidn-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"curl-7.19.0-11.22.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"keyutils-libs-1.2-107.22")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"libcurl4-7.19.0-11.22.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"libidn-1.10-3.18")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"curl-7.19.0-11.22.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"keyutils-libs-1.2-107.22")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"keyutils-libs-32bit-1.2-107.22")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libcurl4-7.19.0-11.22.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libcurl4-32bit-7.19.0-11.22.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libidn-1.10-3.18")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libidn-32bit-1.10-3.18")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"curl-7.19.0-11.22.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"keyutils-libs-1.2-107.22")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"libcurl4-7.19.0-11.22.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"libidn-1.10-3.18")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"keyutils-libs-32bit-1.2-107.22")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"libcurl4-32bit-7.19.0-11.22.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"libidn-32bit-1.10-3.18")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"keyutils-libs-32bit-1.2-107.22")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"libcurl4-32bit-7.19.0-11.22.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"libidn-32bit-1.10-3.18")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1869.NASL
    description: It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44734
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44734
    title: Debian DSA-1869-1 : curl - insufficient input validation
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1869. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(44734);
      script_version("1.8");
      script_cvs_date("Date: 2019/08/02 13:32:22");
    
      script_cve_id("CVE-2009-2417");
      script_bugtraq_id(36032);
      script_xref(name:"DSA", value:"1869");
    
      script_name(english:"Debian DSA-1869-1 : curl - insufficient input validation");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that curl, a client and library to get files from
    servers using HTTP, HTTPS or FTP, is vulnerable to the 'Null Prefix
    Attacks Against SSL/TLS Certificates' recently published at the
    Blackhat conference. This allows an attacker to perform undetected
    man-in-the-middle attacks via a crafted ITU-T X.509 certificate with
    an injected null byte in the Common Name field."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2009/dsa-1869"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the curl packages.
    
    For the oldstable distribution (etch), this problem has been fixed in
    version 7.15.5-1etch3.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 7.18.2-8lenny3."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:curl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"curl", reference:"7.15.5-1etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"libcurl3", reference:"7.15.5-1etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"libcurl3-dbg", reference:"7.15.5-1etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"libcurl3-dev", reference:"7.15.5-1etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"libcurl3-gnutls", reference:"7.15.5-1etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"libcurl3-gnutls-dev", reference:"7.15.5-1etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"libcurl3-openssl-dev", reference:"7.15.5-1etch3")) flag++;
    if (deb_check(release:"5.0", prefix:"curl", reference:"7.18.2-8lenny3")) flag++;
    if (deb_check(release:"5.0", prefix:"libcurl3", reference:"7.18.2-8lenny3")) flag++;
    if (deb_check(release:"5.0", prefix:"libcurl3-dbg", reference:"7.18.2-8lenny3")) flag++;
    if (deb_check(release:"5.0", prefix:"libcurl3-gnutls", reference:"7.18.2-8lenny3")) flag++;
    if (deb_check(release:"5.0", prefix:"libcurl4-gnutls-dev", reference:"7.18.2-8lenny3")) flag++;
    if (deb_check(release:"5.0", prefix:"libcurl4-openssl-dev", reference:"7.18.2-8lenny3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2009-1209.NASL
    description: Updated curl packages that fix security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. Scott Cantor reported that cURL is affected by the previously published
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40593
    published: 2009-08-17
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40593
    title: CentOS 3 / 5 : curl (CESA-2009:1209)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GNUTLS-6470.NASL
    description: This update of gnutls improves the verification of the domain/subject names in a SSL certificate. CVE-2009-2417 has been assigned to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41517
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41517
    title: SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 6470)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_LIBCURL2-6404.NASL
    description: This update of libcurl2 fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man-in-the-middle-attack. (CVE-2009-2417)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42011
    published: 2009-10-06
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42011
    title: openSUSE 10 Security Update : libcurl2 (libcurl2-6404)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2009-1209.NASL
    description: From Red Hat Security Advisory 2009:1209 : Updated curl packages that fix security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. Scott Cantor reported that cURL is affected by the previously published
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67910
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67910
    title: Oracle Linux 3 / 4 / 5 : curl (ELSA-2009-1209)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1158-1.NASL
    description: Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation, handing the server a copy of the client
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55414
    published: 2011-06-24
    reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/55414
    title: Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : curl vulnerabilities (USN-1158-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_COMPAT-CURL2-6408.NASL
    description: This update of libcurl2 fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man-in-the-middle-attack. (CVE-2009-2417) Additionally the arbitrary file access problem was fixed. (CVE-2009-0037)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41489
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41489
    title: SuSE 10 Security Update : compat-curl2 (ZYPP Patch Number 6408)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_6_3.NASL
    description: The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.3. Mac OS X 10.6.3 contains security fixes for the following products : - AFP Server - Apache - CoreAudio - CoreMedia - CoreTypes - CUPS - DesktopServices - Disk Images - Directory Services - Dovecot - Event Monitor - FreeRADIUS - FTP Server - iChat Server - ImageIO - Image RAW - Libsystem - Mail - MySQL - OS Services - Password Server - PHP - Podcast Producer - Preferences - PS Normalizer - QuickTime - Ruby - Server Admin - SMB - Tomcat - Wiki Server - X11
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 45372
    published: 2010-03-29
    reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/45372
    title: Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2009-0019.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2009-2417 (#516257)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79463
    published: 2014-11-26
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79463
    title: OracleVM 2.1 : curl (OVMSA-2009-0019)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_LIBCURL3-6401.NASL
    description: This update of libcurl2 fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man-in-the-middle-attack. (CVE-2009-2417)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42012
    published: 2009-10-06
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42012
    title: openSUSE 10 Security Update : libcurl3 (libcurl3-6401)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2009-226-01.NASL
    description: New curl packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40598
    published: 2009-08-18
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40598
    title: Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 9.1 / current : curl (SSA:2009-226-01)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_CURL-6411.NASL
    description: This update of libcurl2 fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man-in-the-middle-attack. (CVE-2009-2417)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41994
    published: 2009-10-06
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41994
    title: openSUSE 10 Security Update : curl (curl-6411)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2010-002.NASL
    description: The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-002 applied. This security update contains fixes for the following products : - AppKit - Application Firewall - AFP Server - Apache - ClamAV - CoreTypes - CUPS - curl - Cyrus IMAP - Cyrus SASL - Disk Images - Directory Services - Event Monitor - FreeRADIUS - FTP Server - iChat Server - Image RAW - Libsystem - Mail - Mailman - OS Services - Password Server - perl - PHP - PS Normalizer - Ruby - Server Admin - SMB - Tomcat - unzip - vim - Wiki Server - X11 - xar
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 45373
    published: 2010-03-29
    reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/45373
    title: Mac OS X Multiple Vulnerabilities (Security Update 2010-002)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_CURL-090820.NASL
    description: curl did not detect embedded null characters in certificate names. By using specially crafted certificates attackers could exploit that to conduct man in the middle attacks (CVE-2009-2417). Note the previous update that was supposed to fix the issue accidentally lacked the actual fix which was corrected this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40788
    published: 2009-08-27
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40788
    title: openSUSE Security Update : curl (curl-1232)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_CURL-6402.NASL
    description: This update of libcurl2 fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man-in-the-middle-attack. (CVE-2009-2417)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41497
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41497
    title: SuSE 10 Security Update : curl (ZYPP Patch Number 6402)
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2009-0016.NASL
    description: a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42870
    published: 2009-11-23
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42870
    title: VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12467.NASL
    description: This update of libcurl2 fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man-in-the-middle-attack. (CVE-2009-2417)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41317
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41317
    title: SuSE9 Security Update : curl (YOU Patch Number 12467)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-818-1.NASL
    description: Scott Cantor discovered that Curl did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40657
    published: 2009-08-20
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40657
    title: Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : curl vulnerability (USN-818-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200909-20.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200909-20 (cURL: Certificate validation error) Scott Cantor reported that cURL does not properly handle fields in X.509 certificates that contain an ASCII NUL (\0) character. Specifically, the processing of such fields is stopped at the first occurrence of a NUL character. This type of vulnerability was recently discovered by Dan Kaminsky and Moxie Marlinspike. Impact : A remote attacker might employ a specially crafted X.509 certificate (that for instance contains a NUL character in the Common Name field) to conduct man-in-the-middle attacks. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id41637
    published2009-09-28
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41637
    titleGLSA-200909-20 : cURL: Certificate validation error
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090813_CURL_ON_SL3_X.NASL
    descriptionScott Cantor reported that cURL is affected by the previously published
    last seen2020-06-01
    modified2020-06-02
    plugin id60639
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60639
    titleScientific Linux Security Update : curl on SL3.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_CURL-090807.NASL
    descriptionThis update of libcurl2 fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man-in-the-middle-attack. (CVE-2009-2417)
    last seen2020-06-01
    modified2020-06-02
    plugin id40643
    published2009-08-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40643
    titleopenSUSE Security Update : curl (curl-1180)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0016_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen2020-06-01
    modified2020-06-02
    plugin id89117
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89117
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090813_CURL_ON_SL4_X.NASL
    descriptionCVE-2009-2417 curl: incorrect verification of SSL certificate with NUL in name Scott Cantor reported that cURL is affected by the previously published
    last seen2020-06-01
    modified2020-06-02
    plugin id65043
    published2013-03-06
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65043
    titleScientific Linux Security Update : curl on SL4.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_CURL-090613.NASL
    descriptionThis update of libcurl2 fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man-in-the-middle-attack. (CVE-2009-2417)
    last seen2020-06-01
    modified2020-06-02
    plugin id40650
    published2009-08-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40650
    titleopenSUSE Security Update : curl (curl-1180)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1209.NASL
    descriptionUpdated curl packages that fix security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. Scott Cantor reported that cURL is affected by the previously published
    last seen2020-06-01
    modified2020-06-02
    plugin id40608
    published2009-08-18
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40608
    titleRHEL 3 / 4 / 5 : curl (RHSA-2009:1209)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090813_CURL_ON_SL5_X.NASL
    descriptionScott Cantor reported that cURL is affected by the previously published
    last seen2020-06-01
    modified2020-06-02
    plugin id60640
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60640
    titleScientific Linux Security Update : curl on SL5.x i386/x86_64

Oval

  • accepted2013-04-29T04:01:50.518-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionlib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
    familyunix
    idoval:org.mitre.oval:def:10114
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titlelib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
    version27
  • accepted2014-01-20T04:01:40.013-05:00
    classvulnerability
    contributors
    • namePai Peng
      organizationHewlett-Packard
    • nameChris Coffin
      organizationThe MITRE Corporation
    definition_extensions
    • commentVMware ESX Server 4.0 is installed
      ovaloval:org.mitre.oval:def:6293
    descriptionlib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
    familyunix
    idoval:org.mitre.oval:def:8542
    statusaccepted
    submitted2010-03-19T16:57:59.000-04:00
    titleVMware curl vulnerability
    version7

Redhat

advisories
bugzilla
id516181
titleCVE-2009-2417 curl: incorrect verification of SSL certificate with NUL in name
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentcurl-devel is earlier than 0:7.12.1-11.1.el4_8.1
          ovaloval:com.redhat.rhsa:tst:20091209001
        • commentcurl-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20090341002
      • AND
        • commentcurl is earlier than 0:7.12.1-11.1.el4_8.1
          ovaloval:com.redhat.rhsa:tst:20091209003
        • commentcurl is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20090341004
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentcurl is earlier than 0:7.15.5-2.1.el5_3.5
          ovaloval:com.redhat.rhsa:tst:20091209006
        • commentcurl is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20090341007
      • AND
        • commentcurl-devel is earlier than 0:7.15.5-2.1.el5_3.5
          ovaloval:com.redhat.rhsa:tst:20091209008
        • commentcurl-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20090341009
rhsa
idRHSA-2009:1209
released2009-08-13
severityModerate
titleRHSA-2009:1209: curl security update (Moderate)
rpms
  • curl-0:7.10.6-10.rhel3
  • curl-0:7.12.1-11.1.el4_8.1
  • curl-0:7.15.5-2.1.el5_3.5
  • curl-debuginfo-0:7.10.6-10.rhel3
  • curl-debuginfo-0:7.12.1-11.1.el4_8.1
  • curl-debuginfo-0:7.15.5-2.1.el5_3.5
  • curl-devel-0:7.10.6-10.rhel3
  • curl-devel-0:7.12.1-11.1.el4_8.1
  • curl-devel-0:7.15.5-2.1.el5_3.5

References