CVE-2009-2702

Name of the Vulnerable Software and Affected Versions KDE KSSL in kdelibs versions 3.5.4, 4.2.4, and 4.3

Description The issue arises from improper handling of a '0' character in a domain name within the Subject Alternative Name field of an X.509 certificate. This allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Recommendations For versions 3.5.4, 4.2.4, and 4.3, consider disabling the use of X.509 certificates with '0' characters in the domain name of the Subject Alternative Name field until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.