rPath Security Advisory: 2009-0124-1
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 1
rPath Linux 2
Exposure Level Classification:
Indirect Deterministic Weakness
rPath Issue Tracking System:
Previous versions of the curl package do not properly validate X.509
certificates with NULL bytes in the domain name portion of the Common
Name field, which can allow man-in-the-middle attackers to spoof
arbitrary SSL servers by presenting crafted certificates signed by
legitimate certification authorities.
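
The class of flaw described above, as an added example (not curl's or
rPath's code): a Common Name decoded from a certificate is a
length-counted byte buffer, and comparing it as a C string stops at the
first embedded NUL. The struct, function names and sample names below
are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical type: a CN as handed over by an ASN.1 decoder,
 * i.e. raw bytes plus an explicit length, not a C string. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed samples. The crafted CN carries a NUL inside the name. */
static const unsigned char CRAFTED_CN[] = "trusted.example\0.other.example";
static const unsigned char HONEST_CN[]  = "trusted.example";
static const struct cert_name crafted = { CRAFTED_CN, sizeof CRAFTED_CN - 1 };
static const struct cert_name honest  = { HONEST_CN,  sizeof HONEST_CN - 1 };

/* Weak check: treats the CN as NUL-terminated, so everything after
 * the embedded NUL is silently ignored. */
int cn_matches_weak(const struct cert_name *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Strict check: refuse any CN containing a NUL byte, then require
 * the decoded length to equal the host name length before comparing. */
int cn_matches_strict(const struct cert_name *cn, const char *host)
{
    size_t hostlen = strlen(host);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;               /* embedded NUL: reject outright */
    if (cn->len != hostlen)
        return 0;               /* length mismatch: not the same name */
    return strncasecmp((const char *)cn->data, host, hostlen) == 0;
}

int main(void)
{
    const char *host = "trusted.example";

    printf("weak   crafted: %d\n", cn_matches_weak(&crafted, host));
    printf("strict crafted: %d\n", cn_matches_strict(&crafted, host));
    printf("strict honest:  %d\n", cn_matches_strict(&honest, host));
    return 0;
}
```
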
Copyright 2009 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html