Description
Konqueror Embedded and KDE 2.2.2 and earlier do not validate the Common Name (CN) field of X.509 certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
Affected products
- Apple / Safari 1.0 – 1.0
- KDE / kde 2.2.2
- KDE / konqueror_embedded 0.1 – 0.1
- RedHat / linux 7.2 – 7.2
- RedHat / linux 7.1 – 7.1
- turbolinux / turbolinux_server 7.0 – 7.0
- turbolinux / turbolinux_server 8.0 – 8.0
- turbolinux / turbolinux_workstation 7.0 – 7.0
- turbolinux / turbolinux_workstation 8.0 – 8.0
References
- MISC: http://www.redhat.com/support/errata/RHSA-2003-192.html
- MAILING_LIST: http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html
- MISC: http://www.turbolinux.com/security/TLSA-2003-36.txt
- MISC: http://www.redhat.com/support/errata/RHSA-2003-193.html
- MISC: http://www.securityfocus.com/archive/1/320707
- VENDOR_ADVISORY: http://www.debian.org/security/2003/dsa-361
- MISC: http://www.kde.org/info/security/advisory-20030602-1.txt
- MISC: http://www.securityfocus.com/bid/7520