GnuTLS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

Bugtraq ID:	35952
Class:	Design Error
CVE:	CVE-2009-2730
Remote:	Yes
Local:	No
Published:	Aug 04 2009 12:00AM
Updated:	Nov 17 2009 04:56PM
Credit:	Tomas Hoger
Vulnerable:	Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386 Ubuntu Ubuntu Linux 9.04 amd64 Ubuntu Ubuntu Linux 8.10 sparc Ubuntu Ubuntu Linux 8.10 powerpc Ubuntu Ubuntu Linux 8.10 lpia Ubuntu Ubuntu Linux 8.10 i386 Ubuntu Ubuntu Linux 8.10 amd64 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Slackware Linux 13.0 x86_64 Slackware Linux 13.0 Slackware Linux 12.2 Slackware Linux 12.1 Slackware Linux -current Slackware Linux -current S.u.S.E. SLE 11 S.u.S.E. SLE 10 S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux Desktop version 4 RedHat Enterprise Linux 5 server Pardus Linux 2009 0 MandrakeSoft Linux Mandrake 2009.1 x86_64 MandrakeSoft Linux Mandrake 2009.1 MandrakeSoft Linux Mandrake 2009.0 x86_64 MandrakeSoft Linux Mandrake 2009.0 MandrakeSoft Linux Mandrake 2008.1 x86_64 MandrakeSoft Linux Mandrake 2008.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 GNU GnuTLS 2.8.1 GNU GnuTLS 2.6.6 GNU GnuTLS 2.6.5 GNU GnuTLS 2.6.4 GNU GnuTLS 2.6.3 GNU GnuTLS 2.6.2 GNU GnuTLS 2.6.1 GNU GnuTLS 2.6 GNU GnuTLS 2.4.1 GNU GnuTLS 2.4 GNU GnuTLS 2.2.5 GNU GnuTLS 2.2.4 GNU GnuTLS 2.2.3 GNU GnuTLS 2.2.2 GNU GnuTLS 2.2.1 GNU GnuTLS 2.2 GNU GnuTLS 2.0 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 armel Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya SIP Enablement Services 3.1.2 Avaya SIP Enablement Services 3.1.1 Avaya SIP Enablement Services 5.2 Avaya SIP Enablement Services 5.1 Avaya SIP Enablement Services 5.0 Avaya SIP Enablement Services 4.0 Avaya SIP Enablement Services 3.1 Avaya Proactive Contact 4.1 Avaya Messaging Storage Server MSS 3.0 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 5.0 Avaya Messaging Storage Server 4.0 Avaya Messaging Storage Server 3.1 Avaya Message Networking MN 3.1 Avaya Meeting Exchange 5.2 Avaya Meeting Exchange 5.1 SP1 Avaya Meeting Exchange 5.1 Avaya Meeting Exchange 5.0 SP2 Avaya Meeting Exchange 5.0 SP1 Avaya Meeting Exchange 5.0 Avaya Intuity AUDIX LX 2.0 SP2 Avaya Intuity AUDIX LX 2.0 SP1 Avaya Intuity AUDIX LX 2.0 Avaya Communication Manager 3.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700

Not Vulnerable:	GNU GnuTLS 2.8.2