OSVDB ID: 58855

Title: Microsoft Windows CryptoAPI X.509 Certificate Common Name Null Truncation Spoofing

Info

Disclosure

Oct 13, 2009

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Oct 13, 2009

Description

Classification

Location: Remote / Network Access
Attack Type: Cryptographic
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

CVE ID: 2009-2510 (see also: NVD)
Bugtraq ID: 36475
Secunia Advisory ID: 36999
Related OSVDB ID: 58856
Microsoft Knowledge Base Article: 974571
Other Advisory URL: http://www.ioactive.com/pdfs/SecurityAdvisoryCryptoApiX.509Spoofing.pdf
http://www.networkworld.com/news/2009/073009-more-holes-found-in-webs.html
http://www.networkworld.com/news/2009/091709-microsoft-ie-security-hole.html
http://www.wired.com/threatlevel/2009/07/kaminsky/
Microsoft Security Bulletin: MS09-056

Credit

Ian Wright - Citrix
Jean-Luc Giraud - ETH Zurich

Direct URL: http://osvdb.org/58855