OpenLDAP X.509 Certificate NULL Character Certificate Validation Security Bypass Vulnerability

Bugtraq ID: 36844
Class: Design Error
CVE: CVE-2009-3767
Remote: Yes
Local: No
Published: Sep 03 2009 12:00AM
Updated: Apr 13 2015 09:47PM
Credit: Joe Orton
Vulnerable: VMWare ESX 4.1
VMWare ESX 4.0
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Redhat JBoss Enterprise Web Server for Windows 1.0
Redhat JBoss Enterprise Web Server for Solaris 1.0
Redhat JBoss Enterprise Web Server for RHEL 6 1.0
Redhat JBoss Enterprise Web Server for RHEL 5 Server 1.0
Redhat JBoss Enterprise Web Server for RHEL 4 ES 1.0
Redhat JBoss Enterprise Web Server for RHEL 4 AS 1.0
Redhat JBoss Enterprise Web Server EL4 0
Redhat JBoss Enterprise Web Server 5.0
Redhat Enterprise Linux WS 4
Redhat Enterprise Linux ES 4.8.z
Redhat Enterprise Linux ES 4
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux AS 4.8.z
Redhat Enterprise Linux AS 4
Redhat Enterprise Linux 5 Server
Redhat Desktop 4.0
Pardus Linux 2009 0
OpenLDAP OpenLDAP 2.4.3
OpenLDAP OpenLDAP 2.4.2
OpenLDAP OpenLDAP 2.4.1
OpenLDAP OpenLDAP 2.4
OpenLDAP OpenLDAP 2.3.41
OpenLDAP OpenLDAP 2.3.40
OpenLDAP OpenLDAP 2.3.39
OpenLDAP OpenLDAP 2.3.27
OpenLDAP OpenLDAP 2.3.25
OpenLDAP OpenLDAP 2.3.6
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
OpenLDAP OpenLDAP 2.2.29
OpenLDAP OpenLDAP 2.2.26
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ SuSE Linux 8.1
OpenLDAP OpenLDAP 2.2.15
OpenLDAP OpenLDAP 2.2.6
OpenLDAP OpenLDAP 2.1.30
OpenLDAP OpenLDAP 2.1.25
OpenLDAP OpenLDAP 2.1.22
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 9.0
OpenLDAP OpenLDAP 2.1.19
OpenLDAP OpenLDAP 2.1.18
OpenLDAP OpenLDAP 2.1.17
OpenLDAP OpenLDAP 2.1.16
OpenLDAP OpenLDAP 2.1.15
OpenLDAP OpenLDAP 2.1.14
OpenLDAP OpenLDAP 2.1.13
OpenLDAP OpenLDAP 2.1.12
OpenLDAP OpenLDAP 2.1.11
OpenLDAP OpenLDAP 2.1.10
OpenLDAP OpenLDAP 2.1.4
+ Conectiva Linux Enterprise Edition 1.0
OpenLDAP OpenLDAP 2.1 .20
OpenLDAP OpenLDAP 2.0.27
OpenLDAP OpenLDAP 2.0.25
OpenLDAP OpenLDAP 2.0.23
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Redhat Linux 7.3 i386
+ Redhat Linux 7.3 i386
+ Redhat Linux 7.3
+ Redhat Linux 7.3
+ SuSE Linux 8.0
+ SuSE Linux 8.0
OpenLDAP OpenLDAP 2.0.22
OpenLDAP OpenLDAP 2.0.21
OpenLDAP OpenLDAP 2.0.20
OpenLDAP OpenLDAP 2.0.19
OpenLDAP OpenLDAP 2.0.18
OpenLDAP OpenLDAP 2.0.17
OpenLDAP OpenLDAP 2.0.16
OpenLDAP OpenLDAP 2.0.15
OpenLDAP OpenLDAP 2.0.14
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
OpenLDAP OpenLDAP 2.0.13
OpenLDAP OpenLDAP 2.0.12
+ SuSE Linux 7.3 sparc
+ SuSE Linux 7.3 sparc
+ SuSE Linux 7.3 ppc
+ SuSE Linux 7.3
+ SuSE Linux 7.3
OpenLDAP OpenLDAP 2.0.11 -9
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
OpenLDAP OpenLDAP 2.0.11 -11S
- Caldera OpenLinux eBuilder 3.0
- Caldera OpenLinux eBuilder 3.0
- SCO eServer 2.3.1
OpenLDAP OpenLDAP 2.0.11 -11
OpenLDAP OpenLDAP 2.0.11
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ HP Secure OS software for Linux 1.0
+ HP Secure OS software for Linux 1.0
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 i386
+ Redhat Linux 7.2 i386
+ Redhat Linux 7.2 alpha
+ Redhat Linux 7.2 alpha
+ Redhat Linux 7.2
+ Redhat Linux 7.2
+ Redhat Linux 7.1 ia64
+ Redhat Linux 7.1 i386
+ Redhat Linux 7.1
+ SuSE Linux 7.2
+ SuSE Linux 7.2
+ SuSE Linux 7.1 sparc
+ SuSE Linux 7.1 sparc
+ SuSE Linux 7.1 ppc
+ SuSE Linux 7.1 ppc
+ SuSE Linux 7.1 alpha
+ SuSE Linux 7.1 alpha
+ SuSE Linux 7.1
+ SuSE Linux 7.1
OpenLDAP OpenLDAP 2.0.10
OpenLDAP OpenLDAP 2.0.9
OpenLDAP OpenLDAP 2.0.8
OpenLDAP OpenLDAP 2.0.7
OpenLDAP OpenLDAP 2.0.6
OpenLDAP OpenLDAP 2.0.5
OpenLDAP OpenLDAP 2.0.4
OpenLDAP OpenLDAP 2.0.3
OpenLDAP OpenLDAP 2.0.2
OpenLDAP OpenLDAP 2.0.1
OpenLDAP OpenLDAP 2.3.28-E1.0.0
OpenLDAP OpenLDAP 2.3.28-20061022
OpenLDAP OpenLDAP 2.3.28-2.20061022
OpenLDAP OpenLDAP 2.3.27-2.20061018
Mandriva Linux Mandrake 2009.1 x86_64
Mandriva Linux Mandrake 2009.1
Mandriva Linux Mandrake 2009.0 x86_64
Mandriva Linux Mandrake 2009.0
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
Gentoo Linux
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 armel
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Avaya Voice Portal 5.1
Avaya Voice Portal 5.1
Avaya Voice Portal 5.0 SP2
Avaya Voice Portal 5.0 SP1
Avaya Voice Portal 5.0
Avaya Voice Portal 4.1 SP2
Avaya Voice Portal 4.1 SP1
Avaya Voice Portal 4.1
Avaya Voice Portal 4.0
Avaya Proactive Contact 4.1.2
Avaya Proactive Contact 4.1.1
Avaya Proactive Contact 4.1
Avaya Proactive Contact 4.0
Avaya Messaging Storage Server 5.2
Avaya Messaging Storage Server 5.1
Avaya Messaging Storage Server 5.0
Avaya Messaging Storage Server 4.0
Avaya Message Networking 5.2
Avaya Message Networking 3.1
Avaya Meeting Exchange 5.0 .0.52
Avaya Meeting Exchange 5.2 SP1
Avaya Meeting Exchange 5.2
Avaya Meeting Exchange 5.1 SP1
Avaya Meeting Exchange 5.1
Avaya Meeting Exchange 5.0 SP2
Avaya Meeting Exchange 5.0 SP1
Avaya Meeting Exchange 5.0
Avaya IQ 5.1
Avaya IQ 5
Avaya Intuity AUDIX LX 2.0 SP2
Avaya Intuity AUDIX LX 2.0 SP1
Avaya Intuity AUDIX LX 2.0
Avaya Aura System Platform 1.0
Avaya Aura System Manager 6.0 SP1
Avaya Aura System Manager 6.0
Avaya Aura System Manager 5.2
Avaya Aura SIP Enablement Services 5.2.1
Avaya Aura SIP Enablement Services 3.1.1
Avaya Aura SIP Enablement Services 3.1
Avaya Aura SIP Enablement Services 5.2
Avaya Aura SIP Enablement Services 5.1
Avaya Aura SIP Enablement Services 5.0
Avaya Aura SIP Enablement Services 4.0
Avaya Aura SIP Enablement Services 3.1
Avaya Aura SIP Enablement Services 3.0
Avaya Aura Session Manager 6.0
Avaya Aura Session Manager 5.2 SP2
Avaya Aura Session Manager 5.2 SP1
Avaya Aura Session Manager 5.2
Avaya Aura Session Manager 1.1
Avaya Aura Communication Manager 5.2
Avaya Aura Communication Manager 5.1
Avaya Aura Communication Manager 4.0
Avaya Aura Communication Manager 4.0
Avaya Aura Application Enablement Services 5.2.1
Avaya Aura Application Enablement Services 4.2.3
Avaya Aura Application Enablement Services 4.2.2
Avaya Aura Application Enablement Services 4.2.1
Avaya Aura Application Enablement Services 4.0.1
Avaya Aura Application Enablement Services 5.2
Avaya Aura Application Enablement Services 4.2
Avaya Aura Application Enablement Services 4.1
Avaya Aura Application Enablement Services 4.0
Not Vulnerable: Redhat JBoss Enterprise Web Server for Windows 1.0.2
Redhat JBoss Enterprise Web Server for Solaris 1.0.2
Redhat JBoss Enterprise Web Server for RHEL 6 1.0.2
Redhat JBoss Enterprise Web Server for RHEL 5 Server 1.0.2
Redhat JBoss Enterprise Web Server for RHEL 4 ES 1.0.2
Redhat JBoss Enterprise Web Server for RHEL 4 AS 1.0.2


 

Privacy Statement
Copyright 2010, SecurityFocus