[Date Prev][Date Next]
(ITS#6239) ldap_pvt_tls_check_hostname() may be vulnerable
Full_Name: Howard Chu
Submission from: (NULL) (126.96.36.199)
Submitted by: hyc
Our chkhost implementation for OpenSSL does a simple strcasecmp on the name
obtained from the certificate CN; if the CN has an embedded NUL it is possible
for this check to be spoofed. This is now fixed in HEAD.
Our chkhost implementation for GnuTLS is not vulnerable.
We didn't write a chkhost implementation for MozNSS, we just use the default one
they provide. Inspecting their code shows that their default checker is also
vulnerable. I will be writing a replacement for libldap shortly.