CVE-2009-2474: fix handling of NUL in SSL cert subject names

Joe Orton joe at
Tue Aug 18 11:51:03 EDT 2009

At Black Hat USA '09, Dan Kaminsky and Moxie Marlinspike disclosed a way 
to bypass cert verification in some SSL implementations by using a NUL 
(zero) byte in either the common Name field of the subject attribute, or 
in the "subject alternative name" attribute.

Certificate Authorities should be verifying and rejecting certificates 
with a NUL byte embedded in either of these attributes, but, allegedly 
some Internet CAs are, or have in the past, signed such certs.

All versions of neon versions up to 0.28.5 inclusive are vulnerable to 
this issue, where neon is built with SSL support using OpenSSL.  An 
attacker holding a bogus cert signed by a trusted CA could perform a 
man-in-the-middle attack against a server.

This issue has been assigned CVE name CVE-2009-2474.

All versions of neon older than 0.28.6 are affected, where linked 
against OpenSSL. 

If neon is linked against GnuTLS, version 2.8.2 or later must be used to 
avoid the vulnerability.  No changes are necessary to existing releases 
of neon to avoid the vulnerability if and only if used in conjuction 
with GnuTLS version 2.8.2 or later.

Regards, Joe

More information about the neon mailing list