CVE-2009-2730 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-2730 Interim 1 31 2024-07-27T01:46:58Z current 2021-05-30T12:47:59Z 2024-07-27T01:46:58Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-2730 libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LUR3YYO2WM7DRXSSFKXTUHURRCIUR55X/#LUR3YYO2WM7DRXSSFKXTUHURRCIUR55X E-Mail link for SUSE-SR:2009:015 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KMSGWTGNMZ6OBF4PSADAZBORDOW6FLX6/#KMSGWTGNMZ6OBF4PSADAZBORDOW6FLX6 E-Mail link for SUSE-SR:2010:004 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server for SAP Applications 11 SUSE Linux Enterprise Software Development Kit 11 SP4 gnutls gnutls-2.4.1-24.19.1 gnutls-2.4.1-24.39.33.1 gnutls-2.4.1-24.39.45.1 gnutls-2.4.1-24.39.55.1 libgnutls-devel-2.4.1-24.39.55.1 libgnutls-extra-devel-2.4.1-24.39.55.1 libgnutls-extra26-2.4.1-24.39.45.1 libgnutls-extra26-2.4.1-24.39.55.1 libgnutls26-2.4.1-24.19.1 libgnutls26-2.4.1-24.39.33.1 libgnutls26-2.4.1-24.39.45.1 libgnutls26-2.4.1-24.39.55.1 libgnutls26-32bit-2.4.1-24.19.1 libgnutls26-32bit-2.4.1-24.39.33.1 libgnutls26-32bit-2.4.1-24.39.45.1 libgnutls26-32bit-2.4.1-24.39.55.1 libgnutls26-x86-2.4.1-24.19.1 libgnutls26-x86-2.4.1-24.39.33.1 libgnutls26-x86-2.4.1-24.39.45.1 libgnutls26-x86-2.4.1-24.39.55.1 gnutls-2.4.1-24.19.1 as a component of SUSE Linux Enterprise Server 11 libgnutls26-2.4.1-24.19.1 as a component of SUSE Linux Enterprise Server 11 libgnutls26-32bit-2.4.1-24.19.1 as a component of SUSE Linux Enterprise Server 11 libgnutls26-x86-2.4.1-24.19.1 as a component of SUSE Linux Enterprise Server 11 gnutls-2.4.1-24.19.1 as a component of SUSE Linux Enterprise Server 11 SP1 libgnutls26-2.4.1-24.19.1 as a component of SUSE Linux Enterprise Server 11 SP1 libgnutls26-32bit-2.4.1-24.19.1 as a component of SUSE Linux Enterprise Server 11 SP1 libgnutls26-x86-2.4.1-24.19.1 as a component of SUSE Linux Enterprise Server 11 SP1 gnutls-2.4.1-24.39.33.1 as a component of SUSE Linux Enterprise Server 11 SP2 libgnutls26-2.4.1-24.39.33.1 as a component of SUSE Linux Enterprise Server 11 SP2 libgnutls26-32bit-2.4.1-24.39.33.1 as a component of SUSE Linux Enterprise Server 11 SP2 libgnutls26-x86-2.4.1-24.39.33.1 as a component of SUSE Linux Enterprise Server 11 SP2 gnutls-2.4.1-24.39.45.1 as a component of SUSE Linux Enterprise Server 11 SP3 libgnutls-extra26-2.4.1-24.39.45.1 as a component of SUSE Linux Enterprise Server 11 SP3 libgnutls26-2.4.1-24.39.45.1 as a component of SUSE Linux Enterprise Server 11 SP3 libgnutls26-32bit-2.4.1-24.39.45.1 as a component of SUSE Linux Enterprise Server 11 SP3 libgnutls26-x86-2.4.1-24.39.45.1 as a component of SUSE Linux Enterprise Server 11 SP3 gnutls-2.4.1-24.39.55.1 as a component of SUSE Linux Enterprise Server 11 SP4 libgnutls-extra26-2.4.1-24.39.55.1 as a component of SUSE Linux Enterprise Server 11 SP4 libgnutls26-2.4.1-24.39.55.1 as a component of SUSE Linux Enterprise Server 11 SP4 libgnutls26-32bit-2.4.1-24.39.55.1 as a component of SUSE Linux Enterprise Server 11 SP4 libgnutls26-x86-2.4.1-24.39.55.1 as a component of SUSE Linux Enterprise Server 11 SP4 gnutls-2.4.1-24.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libgnutls26-2.4.1-24.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libgnutls26-32bit-2.4.1-24.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libgnutls26-x86-2.4.1-24.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libgnutls-devel-2.4.1-24.39.55.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libgnutls-extra-devel-2.4.1-24.39.55.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libgnutls-extra26-2.4.1-24.39.55.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 gnutls as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata gnutls as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata gnutls as a component of SUSE Linux Enterprise Server 11 SP4 LTSS libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2009-2730 SUSE Linux Enterprise Server 11:gnutls-2.4.1-24.19.1 SUSE Linux Enterprise Server 11:libgnutls26-2.4.1-24.19.1 SUSE Linux Enterprise Server 11:libgnutls26-32bit-2.4.1-24.19.1 SUSE Linux Enterprise Server 11:libgnutls26-x86-2.4.1-24.19.1 SUSE Linux Enterprise Server 11 SP1:gnutls-2.4.1-24.19.1 SUSE Linux Enterprise Server 11 SP1:libgnutls26-2.4.1-24.19.1 SUSE Linux Enterprise Server 11 SP1:libgnutls26-32bit-2.4.1-24.19.1 SUSE Linux Enterprise Server 11 SP1:libgnutls26-x86-2.4.1-24.19.1 SUSE Linux Enterprise Server 11 SP2:gnutls-2.4.1-24.39.33.1 SUSE Linux Enterprise Server 11 SP2:libgnutls26-2.4.1-24.39.33.1 SUSE Linux Enterprise Server 11 SP2:libgnutls26-32bit-2.4.1-24.39.33.1 SUSE Linux Enterprise Server 11 SP2:libgnutls26-x86-2.4.1-24.39.33.1 SUSE Linux Enterprise Server 11 SP3:gnutls-2.4.1-24.39.45.1 SUSE Linux Enterprise Server 11 SP3:libgnutls-extra26-2.4.1-24.39.45.1 SUSE Linux Enterprise Server 11 SP3:libgnutls26-2.4.1-24.39.45.1 SUSE Linux Enterprise Server 11 SP3:libgnutls26-32bit-2.4.1-24.39.45.1 SUSE Linux Enterprise Server 11 SP3:libgnutls26-x86-2.4.1-24.39.45.1 SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.55.1 SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.55.1 SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.55.1 SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.55.1 SUSE Linux Enterprise Server 11 SP4:libgnutls26-x86-2.4.1-24.39.55.1 SUSE Linux Enterprise Server for SAP Applications 11:gnutls-2.4.1-24.19.1 SUSE Linux Enterprise Server for SAP Applications 11:libgnutls26-2.4.1-24.19.1 SUSE Linux Enterprise Server for SAP Applications 11:libgnutls26-32bit-2.4.1-24.19.1 SUSE Linux Enterprise Server for SAP Applications 11:libgnutls26-x86-2.4.1-24.19.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.55.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.55.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.55.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P