
Certification Authority

VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components

    Service Console package curl updated to version 7.15.5-2.1.el5_3.5

    cURL is affected by the previously published "null prefix attack",
    caused by incorrect handling of NULL characters in X.509
    certificates. If an attacker is able to get a carefully-crafted
    certificate signed by a trusted Certificate Authority, the attacker
    could use the certificate during a man-in-the-middle attack and
    potentially confuse cURL into accepting it by mistake.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2009-2417 to this issue.

[ MDVSA-2010:003 ] sendmail

 
 sendmail before 8.14.4 does not properly handle a '\0' (NUL)
 character in a Common Name (CN) field of an X.509 certificate, which
 (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based
 SMTP servers via a crafted server certificate issued by a legitimate
 Certification Authority, and (2) allows remote attackers to bypass
 intended access restrictions via a crafted client certificate issued by
 a legitimate Certification Authority, a related issue to CVE-2009-2408
 (CVE-2009-4565).
 
 Packages for 2008.0 are provided for Corporate Desktop 2008.0

[SECURITY] [DSA 1985-1] New sendmail packages fix SSL certificate verification weakness

Debian bug     : 564581

It was discovered that sendmail, a Mail Transport Agent, does not properly handle
a '\0' character in a Common Name (CN) field of an X.509 certificate.
This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server
certificate issued by a legitimate Certification Authority, and to bypass intended
access restrictions via a crafted client certificate issued by a legitimate
Certification Authority.

For the oldstable distribution (etch), this problem has been fixed in
version 8.13.8-3+etch1

[ MDVSA-2011:133-1 ] mozilla

 Security issues were identified and fixed in mozilla firefox and
 thunderbird:
 
 As more information has come to light about the attack on the DigiNotar
 Certificate Authority we have improved the protections added in MFSA
 2011-34. The main change is to add explicit distrust to the DigiNotar
 root certificate and several intermediates. Removing the root as in
 our previous fix meant the certificates could be considered valid if
 cross-signed by another Certificate Authority. Importantly this list
 of distrusted certificates includes the PKIOverheid (PKIGovernment)

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

cause an interruption in voice services, if exploited. These
vulnerabilities were discovered internally by Cisco. The following
Cisco Unified Communications Manager services are affected:

  * Certificate Trust List (CTL) Provider
  * Certificate Authority Proxy Function (CAPF)
  * Session Initiation Protocol (SIP)
  * Simple Network Management Protocol (SNMP) Trap

Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

cause an interruption in voice services, if exploited. These
vulnerabilities were discovered internally by Cisco. The following
Cisco Unified Communications Manager services are affected:

  * Certificate Trust List (CTL) Provider
  * Certificate Authority Proxy Function (CAPF)
  * Session Initiation Protocol (SIP)
  * Simple Network Management Protocol (SNMP) Trap

Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these

[ MDVSA-2011:133 ] mozilla

 Security issues were identified and fixed in mozilla firefox and
 thunderbird:
 
 As more information has come to light about the attack on the DigiNotar
 Certificate Authority we have improved the protections added in MFSA
 2011-34. The main change is to add explicit distrust to the DigiNotar
 root certificate and several intermediates. Removing the root as in
 our previous fix meant the certificates could be considered valid if
 cross-signed by another Certificate Authority. Importantly this list
 of distrusted certificates includes the PKIOverheid (PKIGovernment)

[ MDVSA-2009:201-1 ] fetchmail

 
 socket.c in fetchmail before 6.3.11 does not properly handle a '\0'
 (NUL) character in a domain name in the subject's Common Name (CN)
 and subjectAlt(ernative)Name fields of an X.509 certificate, which
 allows man-in-the-middle attackers to spoof arbitrary SSL servers via
 a crafted certificate issued by a legitimate Certification Authority,
 a related issue to CVE-2009-2408 (CVE-2009-2666).
 
 This update provides a solution to this vulnerability.

 Update:

[ MDVSA-2010:210 ] firefox

 Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
 before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
 recognize a wildcard IP address in the subject's Common Name field of
 an X.509 certificate, which might allow man-in-the-middle attackers
 to spoof arbitrary SSL servers via a crafted certificate issued by
 a legitimate Certification Authority (CVE-2010-3170).
 
 The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x
 before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
 SeaMonkey before 2.0.9 does not properly set the minimum key length
 for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for

[ MDVSA-2009:225 ] qt4

 
 src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x
 does not properly handle a '\0' character in a domain name in the
 Subject Alternative Name field of an X.509 certificate, which allows
 man-in-the-middle attackers to spoof arbitrary SSL servers via a
 crafted certificate issued by a legitimate Certification Authority,
 a related issue to CVE-2009-2408 (CVE-2009-2700).
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________


Re: Aruba Mobility Controller Shared Default Certificate - Response from Aruba Networks

This certificate is included primarily for the purposes of feature
demonstration and convenience and is not intended for long-term use in
production networks. Users in a production environment are urged to
obtain and install a certificate issued for their site or domain by a
well-known certificate authority (CA). You can generate a Certificate
Signing Request (CSR) on the controller to submit to a CA. For
information on how to generate a CSR and how to import the CA-signed
certificate into the controller, see "Managing Certificates" on page
517 in Chapter 19, "Configuring Management Access".


Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

Unauthorized File System Access Vulnerability
+--------------------------------------------

An unauthorized file system access vulnerability affects Cisco ASA
5500 Series Adaptive Security Appliances when a security appliance is
configured as a local Certificate Authority (CA). An affected
configuration consists of the following minimum commands:

    crypto ca trustpoint <trustpoint name>
     keypair <keypair name>
     crl configure

[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities

CVE-2009-2700

qt4-x11 does not properly handle a '\0' character in a domain name in the
Subject Alternative Name field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.



The oldstable distribution (etch) is not affected by these problems.


[ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure

Workaround
==========

Do not use pre-generated SSL keys, but use keys that were generated
using a different Certificate Authority.

Resolution
==========

Upgrading to newer versions of the above packages will neither remove

[ MDVSA-2009:221 ] libneon0.27

 
 neon before 0.28.6, when OpenSSL is used, does not properly handle a
 '\0' (NUL) character in a domain name in the subject's Common Name
 (CN) field of an X.509 certificate, which allows man-in-the-middle
 attackers to spoof arbitrary SSL servers via a crafted certificate
 issued by a legitimate Certification Authority, a related issue to
 CVE-2009-2408 (CVE-2009-2474).
 
 This update provides a solution to these vulnerabilities.
 _______________________________________________________________________


[ MDVSA-2010:026 ] openldap

 
 libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does
 not properly handle a '\0' (NUL) character in a domain name in
 the subject's Common Name (CN) field of an X.509 certificate, which
 allows man-in-the-middle attackers to spoof arbitrary SSL servers via
 a crafted certificate issued by a legitimate Certification Authority,
 a related issue to CVE-2009-2408 (CVE-2009-3767).
 
 Packages for 2008.0 are provided for Corporate Desktop 2008.0
 customers.
 

[ MDVSA-2009:308 ] gnutls

 (CVE-2009-1417).
 
 A vulnerability has been discovered and corrected in GnuTLS
 before 2.8.2, which could allow man-in-the-middle attackers to spoof
 arbitrary SSL servers via a crafted certificate issued by a legitimate
 Certification Authority (CVE-2009-2730).
 
 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 
 This update fixes this vulnerability.

[ MDVSA-2009:203-1 ] curl

 
 lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is
 used, does not properly handle a '\0' character in a domain name in
 the subject's Common Name (CN) field of an X.509 certificate, which
 allows man-in-the-middle attackers to spoof arbitrary SSL servers via
 a crafted certificate issued by a legitimate Certification Authority,
 a related issue to CVE-2009-2408 (CVE-2009-2417).
 
 This update provides a solution to this vulnerability.

 Update:
[ MDVSA-2009:201 ] fetchmail

 
 socket.c in fetchmail before 6.3.11 does not properly handle a '\0'
 character in a domain name in the subject's Common Name (CN) field
 of an X.509 certificate, which allows man-in-the-middle attackers
 to spoof arbitrary SSL servers via a crafted certificate issued by a
 legitimate Certification Authority, a related issue to CVE-2009-2408
 (CVE-2009-2666).
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________


[SECURITY] [DSA 2200-1] nss security update

http://www.debian.org/security/                        Moritz Muehlenhoff
August 31, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nss
Vulnerability  : compromised certificate authority
Problem type   : local(remote)
Debian-specific: no
CVE ID         : not available

Several unauthorised SSL certificates have been found in the wild issued

[ MDVSA-2010:028 ] kdelibs4

 
 KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
 '\0' (NUL) character in a domain name in the Subject Alternative
 Name field of an X.509 certificate, which allows man-in-the-middle
 attackers to spoof arbitrary SSL servers via a crafted certificate
 issued by a legitimate Certification Authority, a related issue to
 CVE-2009-2408 (CVE-2009-2702).
 
 KDE Konqueror allows remote attackers to cause a denial of service
 (memory consumption) via a large integer value for the length property
 of a Select object, a related issue to CVE-2009-1692 (CVE-2009-2537).

[SECURITY] [DSA 2309-1] openssl security update

http://www.debian.org/security/                          Raphael Geissert
September 13, 2011                     http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
Vulnerability  : compromised certificate authority
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1945

Several fraudulent SSL certificates have been found in the wild issued

[SECURITY] [DSA 1943-1] New openldap2.3/openldap packages fix SSL certificate verification weakness

It was discovered that OpenLDAP, a free implementation of the Lightweight
Directory Access Protocol, when OpenSSL is used, does not properly handle a '\0'
character in a domain name in the subject's Common Name (CN) field of an X.509
certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL
servers via a crafted certificate issued by a legitimate Certification Authority.

For the oldstable distribution (etch), this problem has been fixed in version
2.3.30-5+etch3 for openldap2.3.

For the stable distribution (lenny), this problem has been fixed in version

Cisco Security Advisory: Cisco Unified Communications Manager CAPF Denial of Service Vulnerability

Summary
=======

Cisco Unified Communications Manager, formerly Cisco CallManager,
contains a denial of service (DoS) vulnerability in the Certificate
Authority Proxy Function (CAPF) service. Exploitation of this
vulnerability could cause an interruption in voice services. The CAPF
service is disabled by default.

Cisco has released free software updates that address this
vulnerability. Workarounds available that mitigate this vulnerability

[ MDVSA-2010:027 ] kdelibs4

 
 KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
 '\0' (NUL) character in a domain name in the Subject Alternative
 Name field of an X.509 certificate, which allows man-in-the-middle
 attackers to spoof arbitrary SSL servers via a crafted certificate
 issued by a legitimate Certification Authority, a related issue to
 CVE-2009-2408 (CVE-2009-2702).
 
 The JavaScript garbage collector in WebKit in Apple Safari before
 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
 through 2.2.1 does not properly handle allocation failures, which

[ MDVSA-2009:315 ] libneon

 
 neon before 0.28.6, when OpenSSL is used, does not properly handle a
 '\0' (NUL) character in a domain name in the subject's Common Name
 (CN) field of an X.509 certificate, which allows man-in-the-middle
 attackers to spoof arbitrary SSL servers via a crafted certificate
 issued by a legitimate Certification Authority, a related issue to
 CVE-2009-2408 (CVE-2009-2474).
 
 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 

[ MDVSA-2010:195 ] libesmtp

 
 libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0'
 (NUL) character in a domain name in the subject's Common Name (CN)
 field of an X.509 certificate, which allows man-in-the-middle attackers
 to spoof arbitrary SSL servers via a crafted certificate issued by a
 legitimate Certification Authority, a related issue to CVE-2009-2408
 (CVE-2010-1192).
 
 The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and
 possibly other versions including 1.0.4, treats two strings as equal if
 one is a substring of the other, which allows remote attackers to spoof

[SECURITY] [DSA 2299-1] ca-certificates security update

http://www.debian.org/security/                           Thijs Kinkhorst
August 31, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ca-certificates
Vulnerability  : compromised certificate authority
Problem type   : local/remote
Debian-specific: no
Debian Bug     : 639744

An unauthorized SSL certificate has been found in the wild issued

[ MDVSA-2009:203 ] curl

 
 lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is
 used, does not properly handle a '\0' character in a domain name in
 the subject's Common Name (CN) field of an X.509 certificate, which
 allows man-in-the-middle attackers to spoof arbitrary SSL servers via
 a crafted certificate issued by a legitimate Certification Authority,
 a related issue to CVE-2009-2408 (CVE-2009-2417).
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________