kdelibs4: man-in-the-middle attack

Package(s): kdelibs4
CVE #(s): CVE-2011-1094
Created: April 4, 2011
Updated: June 21, 2011
Description: From the CVE entry:

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702.

Alerts:
Pardus 2011-81 2011-06-03
Pardus 2011-79 2011-05-11
Ubuntu USN-1110-1 2011-04-14
Mandriva MDVSA-2011:071 2011-04-08
SUSE SUSE-SR:2011:006 2011-04-05
Ubuntu USN-1101-1 2011-04-01
openSUSE openSUSE-SU-2011:0281-1 2011-04-04
openSUSE openSUSE-SU-2011:0280-1 2011-04-04
Red Hat RHSA-2011:0464-01 2011-04-21

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds