BlackBerry OS NULL Character Flaw in Common Name Field Lets Remote Users Spoof Certificates
SecurityTracker Alert ID: 1022951
SecurityTracker URL: http://securitytracker.com/id/1022951

CVE Reference: CVE-2009-3477

Updated: Oct 6 2009
Original Entry Date: Sep 28 2009

Impact: Modification of authentication information

Fix Available: Yes
Vendor Confirmed: Yes

Version(s): prior to 4.5.0.173, 4.6.0.303, 4.6.1.309, 4.7.0.179, 4.7.1.57
Description:
A vulnerability was reported in BlackBerry OS. A remote user can spoof certificates of arbitrary sites.
A remote user can create a certificate with a specially crafted Common Name field that contains a NULL character. Once the certificate is signed by a Certificate Authority, the certificate can be used to spoof a target site's certificate.
The browser will correctly detect the mismatch between the certificate and the domain name. However, the resulting dialog box to warn the user of the mismatch does not display null characters, which may confuse some users and cause them to connect to the spoofed site.
Mobile Security Lab and CESG separately reported this vulnerability.
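As an added example (not code from the advisory or from the vendor), the following Python models the two behaviours the advisory describes: a full-string name comparison detects the mismatch, but a dialog that renders the name as a C string stops at the first NUL and shows only the legitimate-looking prefix; a validator that rejects embedded NULs and a warning that escapes control characters close that gap. The certificate name and hosts are constructed sample values, and `attacker.example.net` is a placeholder.

```python
"""Model of the BlackBerry Browser name-mismatch check described in the advisory.

Added example, not code from the advisory or from the vendor. The certificate
name below is constructed sample input; 'attacker.example.net' is a placeholder.
"""

NUL = "\x00"

# Constructed sample: a Common Name with an embedded NUL after the legitimate host.
CRAFTED_CN = "www.example.com" + NUL + "attacker.example.net"


def render_truncated(name: str) -> str:
    """Model a dialog that renders the name as a C string: everything after the
    first NUL is silently dropped, so the displayed text looks like the real host."""
    idx = name.find(NUL)
    return name if idx < 0 else name[:idx]


def names_match(cert_name: str, host: str) -> bool:
    """Compare the full certificate name against the host, allowing a single
    leading wildcard label (*.example.com matches www.example.com only)."""
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        parts = host.split(".", 1)
        return len(parts) == 2 and parts[1] == cert_name[2:]
    return cert_name == host


def check_common_name(cert_name: str, host: str) -> tuple:
    """Return (ok, reason). A NUL inside the name is rejected outright, before any
    matching, since no valid DNS name contains one; the full string is then compared."""
    if NUL in cert_name:
        return False, "common name contains an embedded NUL byte"
    if not names_match(cert_name, host):
        return False, f"certificate name {cert_name!r} does not match host {host!r}"
    return True, "match"


def warning_text(cert_name: str, host: str) -> str:
    """Render a mismatch warning that shows control characters as escapes instead of
    truncating, so the user sees the whole name the certificate actually carries."""
    shown = cert_name.encode("unicode_escape").decode("ascii")
    return f"The certificate name '{shown}' does not match the site '{host}'."


if __name__ == "__main__":
    print("displayed as C string:", render_truncated(CRAFTED_CN))
    print(check_common_name(CRAFTED_CN, "www.example.com"))
    print(warning_text(CRAFTED_CN, "www.example.com"))
```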
Impact:
A remote user can spoof certificates of arbitrary sites.

Solution:
The vendor has issued a fix (4.5.0.173, 4.6.0.303, 4.6.1.309, 4.7.0.179, 4.7.1.57).
The vendor's advisory is available at:
www.blackberry.com/btsc/viewContent.do?externalId=KB19552

Vendor URL: www.blackberry.com/btsc/viewContent.do?externalId=KB19552

Cause:
Input validation error

Message History:
None.
Source Message Contents

Date: Mon, 28 Sep 2009 13:32:02 -0400
Subject: BlackBerry Device Software
> BlackBerry Browser dialog box does not clearly indicate mismatches between web site
> domain names and associated certificates
http://www.blackberry.com/btsc/viewContent.do?externalId=KB19552
Doc ID : KB19552