libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '
OpenLDAP is an open source suite of LDAP (Lightweight Directory AccessProtocol) applications and development tools.A flaw was found in the way OpenLDAP handled NUL characters in theCommonName field of X.509 certificates. An attacker able to get acarefully-crafted certificate signed by a trusted Certificate Authoritycould trick applications using OpenLDAP libraries into accepting it bymistake, allowing the attacker to perform a man-in-the-middle attack.(CVE-2009-3767)This update also fixes the following bugs:Users of OpenLDAP should upgrade to these updated packages, which resolvethese issues.
' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.