Neon NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

Bugtraq ID: 36079
Class: Design Error
CVE: CVE-2009-2474
Remote: Yes
Local: No
Published: Aug 18 2009 12:00AM
Updated: May 07 2015 05:11PM
Credit: Joe Orton
Vulnerable: Ubuntu Ubuntu Linux 9.04 sparc
Ubuntu Ubuntu Linux 9.04 powerpc
Ubuntu Ubuntu Linux 9.04 lpia
Ubuntu Ubuntu Linux 9.04 i386
Ubuntu Ubuntu Linux 9.04 amd64
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
TortoiseSVN TortoiseSVN 1.6
TortoiseSVN TortoiseSVN 1.4.5
TortoiseSVN TortoiseSVN 1.4.4
TortoiseSVN TortoiseSVN 1.4.3
TortoiseSVN TortoiseSVN 1.4.2
TortoiseSVN TortoiseSVN 1.4.1
TortoiseSVN TortoiseSVN 1.4
TortoiseSVN TortoiseSVN 1.3.5
TortoiseSVN TortoiseSVN 1.2.6
TortoiseSVN TortoiseSVN 1.1.7
TortoiseSVN TortioseSVN 1.6.4
TortoiseSVN TortioseSVN 1.5
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4.8.z
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop version 4
Red Hat Enterprise Linux EUS 5.4.z server
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux AS 4.8.z
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux 5 Server
Pardus Linux 2009 0
Neon Neon 0.28.5
Neon Neon 0.28.3
Neon Neon 0.28.2
Neon Neon 0.28.1
Neon Neon 0.28
Neon Client Library 0.26.3
Neon Client Library 0.26.2
Neon Client Library 0.26.1
Neon Client Library 0.26
Neon Client Library 0.24.6
Neon Client Library 0.24.5
Neon Client Library 0.24.4
Neon Client Library 0.24.3
Neon Client Library 0.24.2
Neon Client Library 0.24.1
Neon Client Library 0.24
Neon Client Library 0.23.8
Neon Client Library 0.23.7
Neon Client Library 0.23.6
Neon Client Library 0.23.5
Neon Client Library 0.23.4
Neon Client Library 0.23.3
Neon Client Library 0.23.2
Neon Client Library 0.23.1
Neon Client Library 0.23
Neon Client Library 0.19.3
- Debian Linux 3.0 sparc
- Debian Linux 3.0 s/390
- Debian Linux 3.0 ppc
- Debian Linux 3.0 mipsel
- Debian Linux 3.0 mips
- Debian Linux 3.0 m68k
- Debian Linux 3.0 ia-64
- Debian Linux 3.0 ia-32
- Debian Linux 3.0 hppa
- Debian Linux 3.0 arm
- Debian Linux 3.0 alpha
- Debian Linux 3.0
Mandriva Linux Mandrake 2009.1 x86_64
Mandriva Linux Mandrake 2009.1
Mandriva Linux Mandrake 2009.0 x86_64
Mandriva Linux Mandrake 2009.0
Mandriva Linux Mandrake 2008.1 x86_64
Mandriva Linux Mandrake 2008.1
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Avaya Voice Portal 5.0 SP2
Avaya Voice Portal 5.0 SP1
Avaya Voice Portal 5.0
Avaya Messaging Storage Server 3.1
Avaya Message Networking 3.1
Avaya Intuity AUDIX LX 2.0 SP2
Avaya Intuity AUDIX LX 2.0 SP1
Avaya Intuity AUDIX LX 2.0
Apple Mac OS X Server 10.6.4
Apple Mac OS X Server 10.6.3
Apple Mac OS X Server 10.6.2
Apple Mac OS X Server 10.6.1
Apple Mac OS X Server 10.6
Apple Mac OS X 10.6.4
Apple Mac OS X 10.6.3
Apple Mac OS X 10.6.2
Apple Mac OS X 10.6.1
Apple Mac OS X 10.6
Not Vulnerable: TortoiseSVN TortoiseSVN 1.6.5
Neon Neon 0.28.6
Apple Mac OS X Server 10.6.5


 

Privacy Statement
Copyright 2010, SecurityFocus