CVE-2011-1094

2011-03-1600:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.9%

JSON

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not
properly verify that the server hostname matches the domain name of the
subject of an X.509 certificate, which allows man-in-the-middle attackers
to spoof arbitrary SSL servers via a certificate issued by a legitimate
Certification Authority for an IP address, a different vulnerability than
CVE-2009-2702.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/kde4libs/+bug/743669>

Notes

Author	Note
jdstrand	kdelibs has a very different ssl implementation and konqueror does not use it

OSVersionArchitecturePackageVersionFilename
ubuntu9.10noarchkde4libs< 4:4.3.2-0ubuntu7.3UNKNOWN
ubuntu10.04noarchkde4libs< 4:4.4.5-0ubuntu1.1UNKNOWN
ubuntu10.10noarchkde4libs< 4:4.5.1-0ubuntu8.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	9.10	noarch	kde4libs	< 4:4.3.2-0ubuntu7.3	UNKNOWN
ubuntu	10.04	noarch	kde4libs	< 4:4.4.5-0ubuntu1.1	UNKNOWN
ubuntu	10.10	noarch	kde4libs	< 4:4.5.1-0ubuntu8.1	UNKNOWN