Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Ludwig Nussel <ludwig.nussel-l3A5Bk7waGM <at> public.gmane.org>
Subject: CVE Request: w3m does not check null bytes CN/subjAltName
Newsgroups: gmane.comp.security.oss.general
Date: Monday 14th June 2010 11:25:03 UTC (over 6 years ago)
Hi,

Yet another occurrence of CVE-2009-2408, this time in w3m. I tried
contacting the w3m developers listed on sourceforge but got no
response. In the default configuration the missing null checks don't
make the situation worse though as w3m doesn't verify certificates
by default ('ssl_verify_server' is off by default). Attached two
patches turn on 'ssl_verify_server' and fix the null handling.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
 
CD: 3ms