oss-sec mailing list archives
Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 27 Sep 2010 15:40:53 +0200
On Mon, 06 Sep 2010 20:19:52 +0200 Florian Weimer wrote:
1, Network Security Services (NSS) handled wildcard (*) character in the Common Name field of a x509v3 digital certificate. If an attacker is able to get a carefully-crafted certificate, signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during the man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. Different vulnerability than CVE-2009-2408. References: [1] http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt [2] http://bugs.gentoo.org/show_bug.cgi?id=335731Is this really a _security_ bug? The CN was not validated by the CA, so it's the CA's fault (which you have to trust, but still).
If we look back to CVE-2009-2408, similar bug was fixed at that time without being handled as security flaw. NSS used to allow '*' wildcard to match more than one host name label, or even the whole name. As noted elsewhere in this thread, such wildcard handling can be found elsewhere too, with fixes handled as security enhancements, rather than security flaw fixes. -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Jan Lieskovsky (Sep 03)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Reed Loden (Sep 03)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Julien Cristau (Sep 03)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Reed Loden (Sep 03)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Julien Cristau (Sep 03)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Joe Orton (Sep 04)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Richard Moore (Sep 05)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Florian Weimer (Sep 06)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Tomas Hoger (Sep 27)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Reed Loden (Sep 03)