13 matches found
How to Create a Self-Signed SAN Certificate Using OpenSSL on Citrix ADC Appliance
This article describes how to create a self-signed SAN certificate with multiple subject alternate names...
GHSA-36QH-35CM-5W2W Authentication Bypass by Alternate Name in Apache Tomcat
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...
SuSE 10 Security Update : gpg2 (ZYPP Patch Number 7107)
This update fixes a vulnerability of GnuPG2 to arbitrary code execution by context-dependent attackers due to reusing a freed pointer when verifying a signature or importing a certificate with many 'Subject Alternate Names'. (CVE-2010-2547) (C) Tenable Network Security, Inc. The...
Ubuntu Update for gnupg2 vulnerability USN-970-1
Ubuntu Update for Linux kernel vulnerabilities USN-970-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9701.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for gnupg2 vulnerability USN-970-1 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...
CVE-2010-2547
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...
Design/Logic Flaw
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...
CVE-2010-2547
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...
CVE-2010-2547
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...
CVE-2010-2547
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...
2: use-after-free when importing certificate with many alternate names
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...
Debian DSA-1621-1 : icedove - several vulnerabilities
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0304 It was discovered that a buffer overflow in MIME decoding can lead t...
Mozilla Foundation Security Advisory 2008-31
Mozilla Foundation Security Advisory 2008-31 Title: Peer-trusted certs can use alt names to spoof Impact: Moderate Announced: July 1, 2008 Reporter: John G. Myers Products: Firefox 2, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.15 SeaMonkey 1.1.10 Description Mozilla developer John G. Myers...
Peer-trusted certs can use alt names to spoof — Mozilla
Mozilla developer John G. Myers reported a weakness in the trust model used by Mozilla regarding alternate names on self-signed certificates and those with mismatched names that if accepted could be used to spoof a secure connection to any other site. This problem was independently reported by...