CVE-2009-2474 - Inadequate Encryption Strength vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Brute Force: In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space. Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since elimination of patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers. Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.
- Encryption Brute Forcing: An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
Nessus
- NASL family: Oracle Linux Local Security Checks
  NASL id: ORACLELINUX_ELSA-2009-1452.NASL
  description: From Red Hat Security Advisory 2009:1452 : Updated neon packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. neon is an HTTP and WebDAV client library, with a C interface. It provides a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support. It was discovered that neon is affected by the previously published
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 67927
  published: 2013-07-12
  reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/67927
  title: Oracle Linux 4 / 5 : neon (ELSA-2009-1452)
- NASL family: MacOS X Local Security Checks
  NASL id: MACOSX_10_6_5.NASL
  description: The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5. Mac OS X 10.6.5 contains security fixes for the following products : AFP Server, Apache mod_perl, Apache, AppKit, ATS, CFNetwork, CoreGraphics, CoreText, CUPS, Directory Services, diskdev_cmds, Disk Images, Flash Player plug-in, gzip, Image Capture, ImageIO, Image RAW, Kernel, MySQL, neon, Networking, OpenLDAP, OpenSSL, Password Server, PHP, Printing, python, QuickLook, QuickTime, Safari RSS, Time Machine, Wiki Server, X11, xar
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 50548
  published: 2010-11-10
  reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/50548
  title: Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities
- NASL family: Mandriva Local Security Checks
  NASL id: MANDRIVA_MDVSA-2009-221.NASL
  description: Multiple vulnerabilities have been found and corrected in libneon0.27 : neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564 (CVE-2009-2473). neon before 0.28.6, when OpenSSL is used, does not properly handle a
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 40764
  published: 2009-08-25
  reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/40764
  title: Mandriva Linux Security Advisory : libneon0.27 (MDVSA-2009:221)
- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-835-1.NASL
  description: Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 41046
  published: 2009-09-22
  reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/41046
  title: Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : neon, neon27 vulnerabilities (USN-835-1)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2009-8815.NASL
  description: This update includes the latest release of neon, version 0.28.6. This fixes two security issues: * the
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 40683
  published: 2009-08-24
  reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/40683
  title: Fedora 11 : neon-0.28.6-1.fc11 (2009-8815)
- NASL family: Scientific Linux Local Security Checks
  NASL id: SL_20090921_NEON_ON_SL4_X.NASL
  description: CVE-2009-2473 neon, gnome-vfs2 embedded neon: billion laughs DoS attack CVE-2009-2474 neon: Improper verification of x509v3 certificate with NULL (zero) byte in certain fields It was discovered that neon is affected by the previously published
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 60667
  published: 2012-08-01
  reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/60667
  title: Scientific Linux Security Update : neon on SL4.x, SL5.x i386/x86_64
- NASL family: CentOS Local Security Checks
  NASL id: CENTOS_RHSA-2009-1452.NASL
  description: Updated neon packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. neon is an HTTP and WebDAV client library, with a C interface. It provides a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support. It was discovered that neon is affected by the previously published
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 43792
  published: 2010-01-06
  reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/43792
  title: CentOS 4 / 5 : neon (CESA-2009:1452)
- NASL family: Mandriva Local Security Checks
  NASL id: MANDRIVA_MDVSA-2009-315.NASL
  description: A vulnerability has been found and corrected in libneo : neon before 0.28.6, when OpenSSL is used, does not properly handle a
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 43018
  published: 2009-12-07
  reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/43018
  title: Mandriva Linux Security Advisory : libneon (MDVSA-2009:315)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2009-8794.NASL
  description: This update includes the latest release of neon, version 0.28.6. This fixes two security issues: * the
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 40677
  published: 2009-08-24
  reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/40677
  title: Fedora 10 : neon-0.28.6-1.fc10 (2009-8794)
- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2009-1452.NASL
  description: Updated neon packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. neon is an HTTP and WebDAV client library, with a C interface. It provides a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support. It was discovered that neon is affected by the previously published
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 41031
  published: 2009-09-22
  reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/41031
  title: RHEL 4 / 5 : neon (RHSA-2009:1452)
Oval
- accepted: 2013-04-29T04:15:30.491-04:00
- class: vulnerability
- description: neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
- family: unix
- id: oval:org.mitre.oval:def:11721
- status: accepted
- submitted: 2010-07-09T03:56:16-04:00
- title: neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
- version: 27
References
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html
- http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html
- http://secunia.com/advisories/36371
- http://secunia.com/advisories/36799
- http://support.apple.com/kb/HT4435
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:221
- http://www.securityfocus.com/bid/36079
- http://www.ubuntu.com/usn/usn-835-1
- http://www.vupen.com/english/advisories/2009/2341
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11721
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html