
server certificate

weechat does not properly use gnutls and allows an attacker to bypass certificate verification

The vuln:
Weechat does not use the GnuTLS API properly to check certificates, potentially exposing users to man-in-the-middle attacks.

Weechat registers a callback function to be called by GnuTLS during the TLS/SSL handshake. The function performs checks on the server
certificate and, optionally, sends a client certificate.
The mentioned code is located in src/core/wee-network.c in the network_init function:

    gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
                                                     &hook_connect_gnutls_set_certificates);


Re: AW: MS Office 2007: Digital Signature does not protect Meta-Data

>
> authors using certified keys, allowing viewers to verify the
>
> integrity and the origin based on the author's public key.
>
> The author's public key certificate, which can come from a
>
> trusted third party, is embedded in the signed document.
>
> It is XML DSig based.
>

OpenOffice: Duplicated, Unprotected Certificate Information shown in Signed ODF Documents

handle Office documents like text documents or spreadsheets. 
The latest version uses an XML based document format (ODF). 
OpenOffice allows documents to be digitally signed by authors 
using certified keys, allowing viewers to verify the integrity
and the origin based on the author's public key. 
The author's public-key certificate, which can come from 
a trusted third party, is embedded in the signed document.


II. Problem Description


MS Office 2007: Target of Hyperlinks not covered by Digital Signatures

handle Office documents like text documents or spreadsheets. 
The latest version uses an XML based document format. 
Microsoft Office allows documents to be digitally signed by
authors using certified keys, allowing viewers to verify the 
integrity and the origin based on the author's public key. 
The author's public key certificate, which can come from a 
trusted third party, is embedded in the signed document. 
It is XML DSig based.


II. Problem Description

[ MDVSA-2009:321 ] pidgin

 Security vulnerabilities have been identified and fixed in pidgin:
 
 The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL
 certificates, which makes it easier for remote attackers to trick
 a user into accepting an invalid server certificate for a spoofed
 service. (CVE-2008-3532)
 
 Pidgin 2.4.1 allows remote attackers to cause a denial of service
 (crash) via a long filename that contains certain characters, as
 demonstrated using an MSN message that triggers the crash in the

Ruby Net::HTTPS library does not validate server certificate CN

iSEC Partners Security Advisory - 2007-006-RubySSL
http://www.isecpartners.com
--------------------------------------------

Ruby Net::HTTPS library does not validate server certificate CN

Vendor: Ruby
Vendor URL: http://www.ruby-lang.org
Versions affected: 1.8.5, 1.8.6, Trunk Ruby
Systems Affected: All Ruby Platforms

AW: MS Office 2007: Digital Signature does not protect Meta-Data

authors using certified keys, allowing viewers to verify the 

integrity and the origin based on the author's public key. 

The author's public key certificate, which can come from a 

trusted third party, is embedded in the signed document. 

It is XML DSig based.


[ MDVSA-2009:238 ] openssl

 Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment
 function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote
 attackers to cause a denial of service (openssl s_client crash)
 and possibly have unspecified other impact via a DTLS packet, as
 demonstrated by a packet from a server that uses a crafted server
 certificate (CVE-2009-1379).
 
 ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to
 cause a denial of service (NULL pointer dereference and daemon crash)
 via a DTLS ChangeCipherSpec packet that occurs before ClientHello
 (CVE-2009-1386).

[ MDVSA-2009:310 ] openssl

 Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment
 function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote
 attackers to cause a denial of service (openssl s_client crash)
 and possibly have unspecified other impact via a DTLS packet, as
 demonstrated by a packet from a server that uses a crafted server
 certificate (CVE-2009-1379).
 
 ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to
 cause a denial of service (NULL pointer dereference and daemon crash)
 via a DTLS ChangeCipherSpec packet that occurs before ClientHello
 (CVE-2009-1386).

Re: Aruba Mobility Controller Shared Default Certificate - Response from Aruba Networks

The certificate referenced in this posting is for demonstration purposes
*only*, and this is clearly indicated in Aruba's documentation:

"A server certificate installed in the controller verifies the
authenticity of the controller for 802.1x authentication. Aruba
controllers ship with a demonstration digital certificate. Until you
install a customer-specific server certificate in the controller, this
demonstration certificate is used by default for all secure HTTP
connections (such as the WebUI and captive portal) and AAA FastConnect.

Re: Ruby Net::HTTPS library does not validate server certificate CN

> Ruby Net::HTTPS library does not validate server certificate CN

Python has (had?) the same problem and the various ssl add-ons don't
make the situation better.

Bye,
Thomas

-- 

Miranda IM silent TLS failure

the user assumes the connection to be secure.


Workaround:
Uncheck "Disable SASL authentication" and restart Miranda.
Make sure the server certificate is trusted (via the Windows certificate 
store), or your connections will fail.


Disclosure:
The bug was reported to the authors via their bug tracker.

[USN-792-1] OpenSSL vulnerabilities

DTLS fragments. A remote attacker could cause a denial of service via
memory resource consumption by sending a large number of crafted requests.
(CVE-2009-1378)

It was discovered that OpenSSL did not properly handle certain server
certificates when processing DTLS packets. A remote DTLS server could cause
a denial of service by sending a message containing a specially crafted
server certificate. (CVE-2009-1379)

It was discovered that OpenSSL did not properly handle a DTLS
ChangeCipherSpec packet when it occurred before ClientHello. A remote

[ MDVSA-2009:025 ] pidgin

 Problem Description:

 The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL
 certificates, which makes it easier for remote attackers to trick
 a user into accepting an invalid server certificate for a spoofed
 service. (CVE-2008-3532)
 
 Pidgin 2.4.1 allows remote attackers to cause a denial of service
 (crash) via a long filename that contains certain characters, as
 demonstrated using an MSN message that triggers the crash in the

[ MDVSA-2009:239 ] openssl

 Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment
 function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote
 attackers to cause a denial of service (openssl s_client crash)
 and possibly have unspecified other impact via a DTLS packet, as
 demonstrated by a packet from a server that uses a crafted server
 certificate (CVE-2009-1379).
 
 The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c
 in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a
 denial of service (NULL pointer dereference and daemon crash) via
 an out-of-sequence DTLS handshake message, related to a fragment

AW: MS Office 2007: Digital Signature does not protect Meta-Data

> 
> authors using certified keys, allowing viewers to verify the 
> 
> integrity and the origin based on the author's public key. 
> 
> The author's public key certificate, which can come from a 
> 
> trusted third party, is embedded in the signed document. 
> 
> It is XML DSig based.
> 

MS Office 2007: Digital Signature does not protect Meta-Data

handle Office documents like text documents or spreadsheets. 
The latest version uses an XML based document format. 
Microsoft Office allows documents to be digitally signed by
authors using certified keys, allowing viewers to verify the 
integrity and the origin based on the author's public key. 
The author's public key certificate, which can come from a 
trusted third party, is embedded in the signed document. 
It is XML DSig based.


II. Problem Description

[ GLSA 200808-03 ] Mozilla products: Multiple vulnerabilities

* Astabis reported a crash in the block reflow implementation related
  to large images (CVE-2008-2811).

* John G. Myers, Frank Benkstein and Nils Toedtmann reported a
  weakness in the trust model used by Mozilla, that when a user accepts
  an SSL server certificate on the basis of the CN domain name in the
  DN field, the certificate is also regarded as accepted for all domain
  names in subjectAltName:dNSName fields (CVE-2008-2809).

The following vulnerabilities were reported in Firefox, SeaMonkey and
XULRunner:

Re: MS Office 2007: Digital Signature does not protect Meta-Data

> 
> authors using certified keys, allowing viewers to verify the 
> 
> integrity and the origin based on the author's public key. 
> 
> The author's public key certificate, which can come from a 
> 
> trusted third party, is embedded in the signed document. 
> 
> It is XML DSig based.
> 

Re: MS Office 2007: Digital Signature does not protect Meta-Data

>>
>> authors using certified keys, allowing viewers to verify the 
>>
>> integrity and the origin based on the author's public key. 
>>
>> The author's public key certificate, which can come from a 
>>
>> trusted third party, is embedded in the signed document. 
>>
>> It is XML DSig based.
>>

[ MDVSA-2010:003 ] sendmail

 A security vulnerability has been identified and fixed in sendmail:
 
 sendmail before 8.14.4 does not properly handle a '\0' (NUL)
 character in a Common Name (CN) field of an X.509 certificate, which
 (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based
 SMTP servers via a crafted server certificate issued by a legitimate
 Certification Authority, and (2) allows remote attackers to bypass
 intended access restrictions via a crafted client certificate issued by
 a legitimate Certification Authority, a related issue to CVE-2009-2408
 (CVE-2009-4565).
 

[SECURITY] [DSA 1985-1] New sendmail packages fix SSL certificate verification weakness

Debian bug     : 564581

It was discovered that sendmail, a Mail Transport Agent, does not properly handle
a '\0' character in a Common Name (CN) field of an X.509 certificate.
This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server
certificate issued by a legitimate Certification Authority, and to bypass intended
access restrictions via a crafted client certificate issued by a legitimate
Certification Authority.

For the oldstable distribution (etch), this problem has been fixed in
version 8.13.8-3+etch1

rPSA-2010-0022-1 sendmail sendmail-cf

Description:
    Previous versions of sendmail do not properly handle a '\0' character in a 
    Common Name (CN) field of an X.509 certificate, which could allow attackers 
    to spoof arbitrary SSL-based SMTP servers or bypass intended access 
    restrictions via a crafted server certificate issued by a legitimate 
    Certification Authority.

http://wiki.rpath.com/Advisories:rPSA-2010-0022

Copyright 2010 rPath, Inc.


