FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- TLS Certificate Common name NULL byte exploit

Affected packages
asterisk <
asterisk11 < 11.17.1
asterisk13 < 13.3.2


VuXML ID 5fee3f02-de37-11e4-b7c3-001999f8d30b
Discovery 2015-04-04
Entry 2015-04-08

The Asterisk project reports:

When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected. For example, if Asterisk is trying to register to, Asterisk will accept certificates of the form\


CVE Name CVE-2015-3008