oss-security September 2010 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE Request 1, NSS 2, Qt: Doesn

Re: [oss-security] CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly

From: Florian Weimer <fw_at_nospam>
Date: Mon Sep 06 2010 - 18:19:52 GMT
To: oss-security@lists.openwall.com

* Jan Lieskovsky:

> 1, Network Security Services (NSS) handled wildcard (*) character
> in the Common Name field of a x509v3 digital certificate.
> If an attacker is able to get a carefully-crafted certificate,
> signed by a Certificate Authority trusted by Firefox, the attacker
> could use the certificate during the man-in-the-middle attack and
> potentially confuse Firefox into accepting it by mistake. Different
> vulnerability than CVE-2009-2408.
> References:
> [1] http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt
> [2] http://bugs.gentoo.org/show_bug.cgi?id=335731

Is this really a _security_ bug? The CN was not validated by the CA,
so it's the CA's fault (which you have to trust, but still).