(ITS#6239) ldap_pvt_tls_check_hostname() may be vulnerable

Full_Name: Howard Chu
Version: any
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (
Submitted by: hyc

Our chkhost implementation for OpenSSL does a simple strcasecmp on the name
obtained from the certificate CN; if the CN has an embedded NUL it is possible
for this check to be spoofed. This is now fixed in HEAD.

Our chkhost implementation for GnuTLS is not vulnerable.

We didn't write a chkhost implementation for MozNSS; we just use the default one
they provide. Inspecting their code shows that their default checker is also
vulnerable. I will be writing a replacement for libldap shortly.
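
The embedded-NUL problem described above, shown as an added example (not OpenLDAP's code and not the fix committed to HEAD). The function names and sample CN bytes are constructed for illustration, and only exact-match comparison is covered, not wildcards.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample CN values: raw bytes plus an explicit length, as a
 * certificate parser hands them over (ASN.1 strings carry their own length). */
static const unsigned char SPOOF_CN[] = "ldap.example.com\0.other.test";
static const unsigned char GOOD_CN[]  = "ldap.example.com";
#define SPOOF_CN_LEN (sizeof(SPOOF_CN) - 1)
#define GOOD_CN_LEN  (sizeof(GOOD_CN) - 1)

/* Weak form (hypothetical name): treats the CN as a C string, so the
 * comparison stops at the first NUL and never sees the bytes after it. */
static int cn_matches_weak(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len; /* the length recorded in the certificate is ignored */
    return strcasecmp((const char *)cn, host) == 0;
}

/* Hardened form (hypothetical name): uses the certificate's length, rejects
 * any CN containing a NUL byte, and requires the lengths to be equal. */
static int cn_matches_strict(const unsigned char *cn, size_t cn_len, const char *host)
{
    size_t host_len = strlen(host);

    if (memchr(cn, '\0', cn_len) != NULL)
        return 0; /* a hostname never legitimately contains NUL */
    if (cn_len != host_len)
        return 0;
    return strncasecmp((const char *)cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "ldap.example.com";

    printf("weak,   NUL in CN: %d\n", cn_matches_weak(SPOOF_CN, SPOOF_CN_LEN, host));
    printf("strict, NUL in CN: %d\n", cn_matches_strict(SPOOF_CN, SPOOF_CN_LEN, host));
    printf("strict, clean CN:  %d\n", cn_matches_strict(GOOD_CN, GOOD_CN_LEN, host));
    return 0;
}
```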