EUVD-2014-3505

Malware in sbrugna...

SUSE CVE-2014-3504

The 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...

CVE-2014-3504

The 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...

Authentication Bypass

Overview Affected versions of this package are vulnerable to Authentication Bypass. The 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name CN...

Ubuntu 14.04 LTS : serf vulnerability (USN-2315-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2315-1 advisory. Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could explo...

USN-2315-1 serf vulnerability

Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...