92 matches found
Ubuntu: Security Advisory (USN-810-3)
The remote host is missing an update for the...
Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation)
The remote Solaris system is missing necessary patches to address security updates : - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of a...
Design/Logic Flaw
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...
Design/Logic Flaw
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...
Design/Logic Flaw
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL...
Oracle Linux 3 : seamonkey (ELSA-2009-1432)
From Red Hat Security Advisory 2009:1432 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser,...
CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...
SuSE 11 Security Update : Mozilla (SAT Patch Number 1304)
Mozilla Thunderbird was updated to version 2.0.0.23. The release fixes one security issue: MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which...
CentOS Update for seamonkey CESA-2009:1432 centos3 i386
The remote host is missing an update for the...
SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 6598)
This update of openldap2 makes SSL certificate verification more robust against uses of the special character \0 in the subject's name. (CVE-2009-2408)
OpenLDAP: Doesn't properly handle NULL character in subject Common Name
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers vi...
Design/Logic Flaw
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary S...
Design/Logic Flaw
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
Mandriva Update for kdelibs4 MDVSA-2010:028 (kdelibs4)
Check for the Version of kdelibs4
Mandriva Update for sendmail MDVSA-2010:003 (sendmail)
Check for the Version of sendmail
Mandriva Linux Security Advisory : sendmail (MDVSA-2010:003)
A security vulnerability has been identified and fixed in sendmail : sendmail before 8.14.4 does not properly handle a '\0' (NUL) character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server...
VMSA-2010-0001 : ESX Service Console and vMA updates for nss and nspr
a. Update for Service Console packages nss and nspr. Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console...
VMSA-2010-0001:ESX Service Console and vMA updates for nss and nspr
VMware Security Advisory. Advisory ID: VMSA-2010-0001.1. Synopsis: ESX Service Console and vMA updates for nss and nspr. Issue date: 2010-03-03...