OpenLDAP X.509 Certificate NUL Character Certificate Validation Security Bypass Vulnerability

Cause
Design error
 
Affected systems
OpenLDAP 2.4.3
OpenLDAP 2.4.2
OpenLDAP 2.4.1
OpenLDAP 2.4
OpenLDAP 2.3.41
OpenLDAP 2.3.40
OpenLDAP 2.3.39
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
OpenLDAP 2.3.27
OpenLDAP 2.3.25
OpenLDAP 2.3.6
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
OpenLDAP 2.2.29
OpenLDAP 2.2.26
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
OpenLDAP 2.2.15
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
OpenLDAP 2.2.6
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
OpenLDAP 2.1.30
+ Ubuntu Linux 5.04 powerpc
+ Ubuntu Linux 5.04 i386
+ Ubuntu Linux 5.04 amd64
+ Ubuntu Linux 4.1 ppc
+ Ubuntu Linux 4.1 ia64
+ Ubuntu Linux 4.1 ia32
OpenLDAP 2.1.25
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
OpenLDAP 2.1.22
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
OpenLDAP 2.1.19
OpenLDAP 2.1.18
OpenLDAP 2.1.17
OpenLDAP 2.1.16
+ Conectiva Linux 9.0
OpenLDAP 2.1.15
OpenLDAP 2.1.14
OpenLDAP 2.1.13
OpenLDAP 2.1.12
+ S.u.S.E. Linux Personal 8.2
OpenLDAP 2.1.11
OpenLDAP 2.1.10
OpenLDAP 2.1.4
+ Conectiva Linux Enterprise Edition 1.0
OpenLDAP 2.1.20
OpenLDAP 2.0.27
OpenLDAP 2.0.25
+ Conectiva Linux 8.0
+ Gentoo Linux 1.4_rc1
+ Gentoo Linux 1.2
+ MandrakeSoft Linux Mandrake 9.0
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
OpenLDAP 2.0.23
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.0
OpenLDAP 2.0.22
OpenLDAP 2.0.21
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ MandrakeSoft Linux Mandrake 8.2
OpenLDAP 2.0.20
OpenLDAP 2.0.19
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
OpenLDAP 2.0.18
– Conectiva Linux 7.0
– Conectiva Linux 6.0
OpenLDAP 2.0.17
– Conectiva Linux 7.0
– Conectiva Linux 6.0
OpenLDAP 2.0.16
OpenLDAP 2.0.15
– Conectiva Linux 7.0
– Conectiva Linux 6.0
OpenLDAP 2.0.14
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
OpenLDAP 2.0.13
OpenLDAP 2.0.12
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3
OpenLDAP 2.0.11-9
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
OpenLDAP 2.0.11-11S
– Caldera OpenLinux eBuilder 3.0
– SCO eServer 2.3.1
OpenLDAP 2.0.11-11
– Caldera OpenLinux 3.1-IA64
– Caldera OpenLinux Server 3.1.1
– Caldera OpenLinux Server 3.1
– Caldera OpenLinux Workstation 3.1.1
– Caldera OpenLinux Workstation 3.1
OpenLDAP 2.0.11
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
OpenLDAP 2.0.10
OpenLDAP 2.0.9
OpenLDAP 2.0.8
OpenLDAP 2.0.7
+ Caldera OpenLinux 3.1-IA64
+ Caldera OpenLinux eBuilder 3.0
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ SCO eServer 2.3.1
OpenLDAP 2.0.6
OpenLDAP 2.0.5
OpenLDAP 2.0.4
OpenLDAP 2.0.3
OpenLDAP 2.0.2
OpenLDAP 2.0.1
OpenLDAP 2.3.28-E1.0.0
OpenLDAP 2.3.28-20061022
OpenLDAP 2.3.28-2.20061022
OpenLDAP 2.3.27-2.20061018
 
Unaffected systems
 
Impact
A remote attacker in a man-in-the-middle position can exploit this vulnerability to impersonate a trusted LDAP server over TLS and obtain sensitive information (for example, bind credentials and directory data sent by the client).
 
Attack prerequisites
The attacker must craft a malicious certificate whose name contains an embedded NUL character, be positioned to intercept the client's TLS connection, and present that certificate to an OpenLDAP client for processing.
 
Vulnerability details
OpenLDAP is an open-source implementation of the LDAP directory service.
OpenLDAP has a certificate validation problem of the same kind as CVE-2009-2408 (the NUL-byte certificate issue in Mozilla NSS), tracked as CVE-2009-3767. When libldap verifies a server certificate during TLS negotiation, the hostname check in libraries/libldap/tls_o.c (OpenSSL) and tls_g.c (GnuTLS) does not adequately validate the characters of the domain name taken from the certificate (the subject's Common Name, and the subjectAltName dNSName entries that the same check consults). The name is handled as a NUL-terminated C string rather than by its ASN.1 length, so a name containing a NUL character (\0) is effectively truncated at that character. A certificate issued for a name such as www.victim.example\0.attacker.example therefore matches the host www.victim.example, and an attacker can present such a malicious certificate in place of the trusted one to spoof a legitimate server.
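The truncation described above, shown as an added example that is not OpenLDAP's own code: an ASN.1 string is modelled as a data pointer plus an explicit length (the shape OpenSSL returns), a constructed CN carries an embedded NUL, and a C-string comparison is placed beside a length-aware one. The names, the buffer size and the sample CN values are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Model of an ASN.1 string as a TLS library hands it back: a byte pointer
 * plus an explicit length, so the bytes may legitimately contain 0x00.
 * (Illustrative type; not an OpenLDAP or OpenSSL structure.) */
typedef struct {
    const unsigned char *data;
    int len;
} asn1_string_t;

/* Constructed sample names (not taken from any real certificate). The first
 * is "www.example.com", a NUL byte, then ".attacker.test"; a CA that only
 * validated the text after the NUL would issue it to attacker.test. */
static const unsigned char CRAFTED_CN[]  = "www.example.com\0.attacker.test";
static const unsigned char HONEST_CN[]   = "www.example.com";
static const unsigned char WILDCARD_CN[] = "*.example.com";

/* sizeof(...) - 1 drops the literal's terminating NUL but keeps the
 * embedded one, which is exactly what the DER length would carry. */
static const asn1_string_t crafted_cn  = { CRAFTED_CN,  sizeof(CRAFTED_CN)  - 1 };
static const asn1_string_t honest_cn   = { HONEST_CN,   sizeof(HONEST_CN)   - 1 };
static const asn1_string_t wildcard_cn = { WILDCARD_CN, sizeof(WILDCARD_CN) - 1 };

/* Vulnerable pattern: copy the name into a NUL-terminated C buffer (as a call
 * like X509_NAME_get_text_by_NID does) and compare it as a C string.  Every
 * byte after the embedded NUL silently disappears from the comparison. */
int vulnerable_match(const char *expected_host, const asn1_string_t *cn)
{
    char buf[256];
    int n = cn->len < (int)sizeof(buf) - 1 ? cn->len : (int)sizeof(buf) - 1;
    memcpy(buf, cn->data, (size_t)n);
    buf[n] = '\0';
    return strcasecmp(expected_host, buf) == 0;
}

/* Hardened pattern: reject any embedded NUL outright, then compare using the
 * ASN.1 length so a name of a different length can never match.  A leading
 * "*." wildcard matches exactly one leading label of the expected host. */
int hardened_match(const char *expected_host, const asn1_string_t *cn)
{
    const char *name = (const char *)cn->data;
    size_t want = strlen(expected_host);

    if (cn->len <= 0 || memchr(cn->data, '\0', (size_t)cn->len) != NULL)
        return 0;

    if (cn->len > 2 && name[0] == '*' && name[1] == '.') {
        const char *dot = strchr(expected_host, '.');
        if (dot == NULL)
            return 0;
        size_t rest = strlen(dot);            /* ".example.com" */
        if ((size_t)cn->len - 1 != rest)
            return 0;
        return strncasecmp(dot, name + 1, rest) == 0;
    }

    if ((size_t)cn->len != want)
        return 0;
    return strncasecmp(expected_host, name, want) == 0;
}

int main(void)
{
    const char *host = "www.example.com";
    printf("vulnerable: crafted=%d honest=%d\n",
           vulnerable_match(host, &crafted_cn), vulnerable_match(host, &honest_cn));
    printf("hardened:   crafted=%d honest=%d wildcard=%d\n",
           hardened_match(host, &crafted_cn), hardened_match(host, &honest_cn),
           hardened_match(host, &wildcard_cn));
    return 0;
}
```

The vulnerable function accepts the crafted name because the copy stops at the NUL, while the hardened one fails it on the NUL check and would fail it on length even without that check. The general rule it illustrates: never pass DER-derived names through C-string functions; carry the length through the comparison.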
 
Test method
 
Vendor solution
Users can refer to the vendor's security advisories for patch information. The fix lives in libldap (the client library), so every program that links it, slapd included, picks up the correction only after the shared library is updated and the processes are restarted:
http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_g.c.diff?r1=1.13&r2=1.14&f=h
http://www.vupen.com/english/solution-2009-3056-3.php
http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.11&f=h
 
Credit
Joe Orton
