[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6239) ldap_pvt_tls_check_hostname() may be vulnerable

To: openldap-its@openldap.org
Subject: (ITS#6239) ldap_pvt_tls_check_hostname() may be vulnerable
From: hyc@OpenLDAP.org
Date: Thu, 30 Jul 2009 20:13:02 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Howard Chu
Version: any
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (76.91.220.157)
Submitted by: hyc


Our chkhost implementation for OpenSSL does a simple strcasecmp on the name
obtained from the certificate CN; if the CN has an embedded NUL it is possible
for this check to be spoofed. This is now fixed in HEAD.

Our chkhost implementation for GnuTLS is not vulnerable.

We didn't write a chkhost implementation for MozNSS, we just use the default one
they provide. Inspecting their code shows that their default checker is also
vulnerable. I will be writing a replacement for libldap shortly.

Prev by Date: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
Next by Date: Re: (ITS#6239) ldap_pvt_tls_check_hostname() may be vulnerable
Index(es):
- Chronological
- Thread