FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenLDAP -- incorrect handling of NULL in certificate Common Name

Affected packages
openldap24-client < 2.4.18
linux-f10-openldap < 2.4.18


VuXML ID abad20bf-c1b4-11e3-a5ac-001b21614864
Discovery 2009-08-07
Entry 2014-04-11

Jan Lieskovsky reports:

OpenLDAP does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority


CVE Name CVE-2009-3767