Lucene search

MitreCVE-2011-3422

HistorySep 12, 2011 - 12:40 p.m.

CVE-2011-3422

2011-09-1212:40:44

CWE-20

mitre

web.nvd.nist.gov

cve-2011-3422

keychain

apple

mac

os x

ssl

safari

man-in-the-middle

certificate

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

51.9%

JSON

The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari.

Affected configurations

Nvd

Node

applemac_os_xRange≤10.6.8

applemac_os_xMatch10.6.0

applemac_os_xMatch10.6.1

applemac_os_xMatch10.6.2

applemac_os_xMatch10.6.3

applemac_os_xMatch10.6.4

applemac_os_xMatch10.6.5

applemac_os_xMatch10.6.6

applemac_os_xMatch10.6.7

Node

applemac_os_x_serverRange≤10.6.8

applemac_os_x_serverMatch10.6.0

applemac_os_x_serverMatch10.6.1

applemac_os_x_serverMatch10.6.2

applemac_os_x_serverMatch10.6.3

applemac_os_x_serverMatch10.6.4

applemac_os_x_serverMatch10.6.5

applemac_os_x_serverMatch10.6.6

applemac_os_x_serverMatch10.6.7

VendorProductVersionCPE
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
applemac_os_x10.6.0cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
applemac_os_x10.6.1cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
applemac_os_x10.6.2cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
applemac_os_x10.6.3cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
applemac_os_x10.6.4cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*
applemac_os_x10.6.5cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*
applemac_os_x10.6.6cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*
applemac_os_x10.6.7cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*
applemac_os_x_server*cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	*	cpe:2.3:o:apple:mac_os_x::::::::
apple	mac_os_x	10.6.0	cpe:2.3:o:apple:mac_os_x:10.6.0:::::::*
apple	mac_os_x	10.6.1	cpe:2.3:o:apple:mac_os_x:10.6.1:::::::*
apple	mac_os_x	10.6.2	cpe:2.3:o:apple:mac_os_x:10.6.2:::::::*
apple	mac_os_x	10.6.3	cpe:2.3:o:apple:mac_os_x:10.6.3:::::::*
apple	mac_os_x	10.6.4	cpe:2.3:o:apple:mac_os_x:10.6.4:::::::*
apple	mac_os_x	10.6.5	cpe:2.3:o:apple:mac_os_x:10.6.5:::::::*
apple	mac_os_x	10.6.6	cpe:2.3:o:apple:mac_os_x:10.6.6:::::::*
apple	mac_os_x	10.6.7	cpe:2.3:o:apple:mac_os_x:10.6.7:::::::*
apple	mac_os_x_server	*	cpe:2.3:o:apple:mac_os_x_server::::::::

Rows per page:

1-10 of 181

References

lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

support.apple.com/kb/HT5130

www.computerworld.com/s/article/9219669/Mac_OS_X_can_t_properly_revoke_dodgy_digital_certificates

www.securityfocus.com/bid/49429

www.securitytracker.com/id?1026002

exchange.xforce.ibmcloud.com/vulnerabilities/69556

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

51.9%

JSON

Related for CVE-2011-3422