Lucene search
Gentoo FoundationMGASA-2014-0353HistoryAug 27, 2014 - 3:04 a.m.
Updated serf packages fix CVE-2014-3504
2014-08-2703:04:56
Gentoo Foundation
advisories.mageia.org
7
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
31.1%
Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications (CVE-2014-3504).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 3 | noarch | serf | < 1.1.1-2.1 | serf-1.1.1-2.1.mga3 |
| Mageia | 4 | noarch | serf | < 1.3.2-2.1 | serf-1.3.2-2.1.mga4 |
Related
nessus
nessus
FreeBSD : serf -- SSL Certificate Null Byte Poisoning (69048656-2187-11e4-802c-20cf30e32f6d)
2014-08-12 00:00:00
Mandriva Linux Security Advisory : serf (MDVSA-2014:166)
2014-09-12 00:00:00
Fedora 20 : libserf-1.3.7-1.fc20 (2014-9367)
2014-08-23 00:00:00
securityvulns
securityvulns
[USN-2315-1] serf vulnerability
2014-08-26 00:00:00
serf certificate name spoofing vulnerability
2014-08-26 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2315-1)
2014-08-15 00:00:00
Fedora Update for libserf FEDORA-2014-9367
2014-08-23 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-397)
2015-09-08 00:00:00
amazon
amazon
Medium: libserf
2014-09-03 14:37:00
fedora
fedora
[SECURITY] Fedora 20 Update: libserf-1.3.7-1.fc20
2014-08-23 01:59:00
ubuntucve
ubuntucve
CVE-2014-3504
2014-08-12 00:00:00
freebsd
freebsd
serf -- SSL Certificate Null Byte Poisoning
2014-08-06 00:00:00
debiancve
debiancve
CVE-2014-3504
2014-08-19 18:55:00
veracode
veracode
Man-In-The-Middle
2020-12-06 03:32:45
prion
prion
Design/Logic Flaw
2014-08-19 18:55:00
ubuntu
ubuntu
serf vulnerability
2014-08-14 00:00:00
cve
cve
CVE-2014-3504
2014-08-19 18:55:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1979
2021-07-02 18:11:52
gentoo
gentoo
Subversion, Serf: Multiple Vulnerabilities
2016-10-11 00:00:00
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
31.1%
Related for MGASA-2014-0353