From: Simon Josefsson Date: Thu, 6 Aug 2009 22:50:53 +0000 (+0200) Subject: Fix. X-Git-Tag: gnutls_2_9_2~31^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ad555b6a8daee2d4a8b9ba0c11fca028037d6e13;p=thirdparty%2Fgnutls.git Fix. --- diff --git a/NEWS b/NEWS index 4a16ac7757..db3d652a44 100644 --- a/NEWS +++ b/NEWS @@ -9,13 +9,14 @@ See the end for copying conditions. By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) cause incorrect positive matches when matching a -hostname against a certificate. Combined with the fact that some CAs -apparently have poor checking CN/SAN values and issue such (arguably -incorrect) certificates, it can be used by attackers to become a MITM -on server-authenticated TLS sessions. The problem is mitigated since -attackers needs to get one certificate per site they want to attack, -and the attacker reveals his tracks by applying for a certificate at -the CA. Research presented independently by Dan Kaminsky and Moxie +hostname against a certificate. Some CAs apparently have poor +checking of CN/SAN values and issue these (arguable invalid) +certificates. Combined, this can be used by attackers to become a +MITM on server-authenticated TLS sessions. The problem is mitigated +since attackers needs to get one certificate per site they want to +attack, and the attacker reveals his tracks by applying for a +certificate at the CA. It does not apply to client authenticated TLS +sessions. Research presented independently by Dan Kaminsky and Moxie Marlinspike at BlackHat09. Thanks to Tomas Hoger for providing one part of the patch. [GNUTLS-SA-2009-4].