OpenSSL - Alternative Chains Certificate Forgery

OpenSSL - Alternative Chains Certificate Forgery !/usr/bin/env ruby encoding: ASCII-8BIT By Ramon de C Valle. This work is dedicated to the public domain. require 'openssl' require 'optparse' require 'socket' Version = 0, 0, 1 Release = nil class String def hexdumpstream=$stdout 0.stepbytesize - ...

CVE-2009-0653

OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970...

freeradius: insufficient CRL validation

The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpire...

FreeBSD : freeradius -- insufficient CRL application vulnerability (379788f3-2900-11e5-a4a5-002590263bf5)

oCERT reports : The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA...

FreeRADIUS Certificate Improperly Validated Revocation of Intermediate CA Certificate Vulnerability

FreeRadius is an open source based on the Radius protocol , the implementation of Radius AAA Authentication, Authorization, Accounting function of the software . FreeRadius fails to correctly detect the intermediate CA certificate , allowing remote users with an intermediate CA issued a certifica...

paradiseintermediate.pusdk12.org XSS vulnerability

Open Bug Bounty ID: OBB-68905 Description| Value ---|--- Affected Website:| paradiseintermediate.pusdk12.org Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS...

SUSE SLED11 / SLES11 Security Update : libfreebl3 (SUSE-SU-2013:1920-1)

Mozilla NSS has been updated to the 3.15.3.1 security release. The update blacklists an intermediate CA that was abused to create man in the middle certificates. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists

When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether, Apple has kept the root certificates in its trusted...

CA Tied to Chinese Registrar Issued Unauthorized Google Certificates

Google security engineers, investigating fraudulent certificates issued for several of the company’s domains, discovered that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the unauthorized Google certificates, and could have issued certificates for...

Firefox 37 to Include New OneCRL Certificate Blocklist

The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP online certificate status...

openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:1099-1)

Mozilla Firefox was updated to Firefox 32 fixing security issues and bugs. Security issues fixed: MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction...

MS IE 5/6,Konqueror 2.2.2/3.0,Weblogic Server 5/6/7 Invalid X.509 Certificate Chain

No description provided by source. source: http://www.securityfocus.com/bid/5410/info A flaw has been reported in the handling of X.509 certificates by a number of products, including several web browsers. It may be possible for a malicious party to create certificates for arbitrary domains, whic...

GnuTLS X.509 Version 1 Intermediate Certificate Policy Bypass (CVE-2014-1959)

A policy-bypass vulnerability has been found in GnuTLS. The vulnerability is due to an error in lib/x509/verify.c where an X.509 version 1 certificate is incorrectly treated as an intermediate CA certificate. A remote attacker could exploit this vulnerability to bypass certificate validation...

Fortify SCA analysis code vulnerabilities the whole solution-vulnerability warning-the black bar safety net

The last describes the use of FindBugs-assisted analysis of code vulnerability, this time a tools: Fortify SCA Demo 4.0.0。 Fortify is a security aspect of the quite famous company, there is not much to say. First introduce the protagonist: the Fortify SCA Demo 4.0.0, although do not know now...

DEBIAN-CVE-2014-1959

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates...

CVE-2009-5138

GnuTLS before 2.7.6, when the GNUTLSVERIFYALLOWX509V1CACRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different...

gnutls: incorrect handling of V1 intermediate certificates

GnuTLS before 2.7.6, when the GNUTLSVERIFYALLOWX509V1CACRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different...

gnutls -- multiple certificate verification issues

GnuTLS project reports: A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat. Suman Jana reporte...

[USN-2121-1] GnuTLS vulnerability

========================================================================== Ubuntu Security Notice USN-2121-1 February 25, 2014 gnutls26 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

USN-2121-1: GnuTLS vulnerability

Suman Jana discovered that GnuTLS incorrectly handled version 1 intermediate certificates. This resulted in them being considered to be a valid CA certificate by default, which was contrary to documented behaviour...