|
|
Log in / Subscribe / Register

kdelibs4: man-in-the-middle attack

Package(s):kdelibs4 CVE #(s):CVE-2011-1094
Created:April 4, 2011 Updated:June 21, 2011
Description: From the CVE entry:

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702.

Alerts:
Gentoo 201406-34 kdelibs 2014-06-30
Pardus 2011-81 dovecot 2011-06-03
Pardus 2011-79 kdelibs 2011-05-11
Ubuntu USN-1110-1 kde4libs 2011-04-14
Mandriva MDVSA-2011:071 kdelibs4 2011-04-08
SUSE SUSE-SR:2011:006 apache2-mod_php5/php5, cobbler, evince, gdm, kdelibs4, otrs, quagga 2011-04-05
Ubuntu USN-1101-1 qt4-x11 2011-04-01
openSUSE openSUSE-SU-2011:0281-1 kdelibs4 2011-04-04
openSUSE openSUSE-SU-2011:0280-1 kdelibs4 2011-04-04
Red Hat RHSA-2011:0464-01 kdelibs 2011-04-21
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds