User: Password:
Subscribe / Log in / New account


Convergence: User-controlled SSL certificate checking

October 19, 2011

This article was contributed by Nathan Willis

SSL certificate authorities (CAs) have been in the news quite a bit in the past year or so, and not in a good light. Back in 2008, researchers at Carnegie-Mellon University published a paper outlining a different approach that they termed Perspectives, in which a user would query multiple independent "notaries" about the authenticity of an SSL certificate, rather than relying on a centralized CA. Convergence is a new project that builds on the ideas established in the Perspectives system, ideally to increase privacy, flexibility, and speed. Its creator argues that it can completely replace the CA system solely with browser-side adoption — although not everyone agrees.

Why anyone cares (or should...)

To review, the CA system is designed to foil a particular type of attack on SSL connections: the man-in-the-middle (MITM) attack, in which an attacker intercepts a browser connection destined for a secure site, makes its own connection to the secure site instead, and rewrites all traffic between the browser and the site — copying down the secrets it wants to steal, but otherwise invisibly maintaining the connection between the two endpoints. From both endpoints' point-of-view, the traffic would be encrypted.

Using the CA system, however, the browser first asks the server for its identity in the form of a certificate, and checks that the certificate is cryptographically signed by a trustworthy external authority, the CA. "Intermediate"-level CAs have their own certificates signed by parent CAs, eventually chaining all the way back to one of a select group of root CAs whose certificates are installed with the browser.

The trouble is that the entire framework hinges on those root CAs being impenetrable, which the recent Comodo and DigiNotar attacks prove is, sadly, not true. Attackers can break into a CA and use its secret key to sign rogue certificates of their own invention. There is also the possibility of CAs (or their employees) being subverted by criminals or governments to create rogue certificates. The signature on a rogue certificate checks out as authentic, hijacking the entire chain of trust.


Perspectives (and the Firefox extension that implemented it) was actually created to solve a slightly different problem: how to verify the identity of a self-signed certificate, which by its very nature cannot be checked against a "trusted" third-party CA. Instead, Perspectives relies on the collective judgment of a set of "notaries" — independent servers that request certificates from sites.

The browser queries multiple notaries about a particular certificate, and each one reports back a fingerprint of the certificate it gets from the site. If the notaries are on different routes to the server in question, and all see the same certificate, then the certificate is probably legitimate. The other possibility is that an attacker has taken over the routes between all of the notaries and the chosen server and is performing a MITM attack on each of them — in which case, the browser is simply up SSL Creek without a paddle. That type of false-positive is unlikely, however, and an attacker powerful to perform it (a national network backbone provider or government, perhaps) would be difficult to escape.

The Perspectives technique provides a way to check a self-signed certificate's authenticity courtesy of what the original paper calls "multi-path probing", but it has the nice property of providing similar authenticity assurances for CA-signed certificates, too. The implementation in the Firefox extension had its problems, however — it only performed notary verification for the initial HTTPS request, not subsequent elements like images and scripts, and there was a noticeable lag time between querying a notary and getting a response in return (which may in part be due to the notary re-requesting the certificate before responding). On top of that, it has simply not been regularly updated to work with ongoing Firefox builds, which periodically makes it unavailable for frequent updaters.


At Black Hat 2011 in August, developer Moxie Marlinspike presented an extended version of the Perspectives technique he called Convergence. Convergence tackles both of the aforementioned issues directly, decreasing lag time through caching (although there does not appear to be any hard data comparing the speed of the two approaches), and checking all HTTPS requests through the notary mechanism. But it pushes the envelope in other ways as well.

First, although it could serve as a double-check mechanism for CA-verified certificates, Perspectives did not bypass Firefox's built-in CA verification system; Convergence replaces it entirely. This can even be seen in the UI: Firefox's standard "identity block" to the left of the location bar shows the name of the site and the CA used to verify its SSL certificate, while the Convergence extension replaces this information with "verified by Convergence" instead.

Marlinspike was also concerned about the privacy implications of Perspectives: notaries were in a position to track browser behavior by collecting the IP address (and other connection information) of each request and logging the SSL certificates it queried. Convergence attempts to guard against this by enabling each notary to serve in two distinct modes, either making SSL certificate queries, or acting as a relay (a function which Marlinspike calls a "bounce node").

In this scheme, when the browser needs to check a certificate, it first chooses a bounce node. Subsequently, the browser sends certificate queries to the bounce node, each destined for another notary and encrypted with the public key contained in that notary's ID "bundle", which is a publicly-accessible .notary file on the notary server. Which notary it chooses does not affect the protocol; it could be randomized for each query or the browser could select a personal favorite. The bounce node forwards the query to the notary (who decrypts and executes it), and forwards the notary's response back to the browser. Thus the bounce node knows who sent the query, but cannot read it, and the notary used knows what certificate is requested but not who asked, ultimately preserving the browser's anonymity. Using more than one notary is critical to both the Perspectives and Convergence approaches, but how many notaries are used in order to deem a certificate "verified" is left up to the user

The Convergence Firefox extension is available directly from the project web site, although, disconcertingly (and ironically, for a security project), it asks to install itself directly rather than offering a download link — or even a means to check the signature on the transmitted .xpi file. The extension source code is also available on Marlinspike's GitHub site, as is the notary server code. The server code is written in Python, uses SQLite, and requires only generating a key pair and an empty database to begin. Each notary is "advertised" with a publicly accessible JSON-formatted .notary file containing hostname and port information along with the notary's public key.

Users can add a new notary to their browser's list of alternatives by requesting (i.e., clicking on) the notary's .notary file. If they later decide that a notary is no longer trustworthy, it can be removed at will. In his talk, Marlinspike calls this "trust agility" and says it is an essential feature of any CA-replacement scheme. In practice, he observes, CA trust cannot be revoked, because doing so (even when a CA is shown to be unreliable, such as Comodo) cuts off access to thousands of legitimate and uncompromised sites. For now, the GitHub site also hosts a list of known notaries, numbering around 40. The extension itself comes with a pre-loaded set of notaries to get started with.

Marlinspike also emphasized in his talk that Convergence's user-controllable, multiple-notary system does not hinge solely on whether or not each notary uses the Perspectives approach. Instead, the key factor is that the user has control over a dynamic set of trusted notaries. Some notaries could attempt to verify sites through other means, including DNSSEC, and the framework would still function for users. The user is responsible for setting his or her own "threshold" for accepting or rejecting a site's identity, based on what the notaries report about it.

Problems and criticisms

Marlinspike argued that Convergence could replace the CA system entirely if the majority of browser vendors got behind it — chiefly because no change is required of site administrators; their existing SSL certificates function just as well in Convergence's identity check process as they do today. But the user-configurability and flexibility of the system that Marlinspike regards as Convergence's strong suit is seen as an inherent weakness by the Chromium/Chrome team.

Google's Adam Langley wrote a blog post about the issue in September. He claimed that user statistics indicate "99.99% of Chrome users would never change the default settings," and as a result, the default set of notaries shipped with the browser would need to offer extremely high uptime and handle a tremendous traffic load. That, in turn, would mean that "Google would end up running the notaries. So the design boils down to Chrome phoning home for certificate validation," and Convergence support is therefore something that Google is not interested in adding.

Langley also cited two problems that Convergence cannot currently overcome: connecting to "internal servers" and captive portals. Langley does not elaborate on internal servers, but probably means intranet services that cannot be queried by notaries outside the internal network. Captive portals are a bigger problem, because they are widespread in public WiFi hotspots. Specifically, the issue is that a captive portal intercepts all HTTP and HTTPS traffic before the client sign-on is complete, so the browser cannot contact any notaries to verify that the portal itself is who it claims to be and not a clever phishing site.

Marlinspike addressed captive portals at the end of his talk, in terms of a lingering open question. Based on his slides (which show hypothetical notaries run by personally-trusted organizations like the Electronic Frontier Foundation), he does not seem too concerned about Langley's claim that Google would end up shouldering the burden of operating the world's notaries. Marlinspike also referred to what he called "the Citibank problem", where the Citibank URL transparently redirects different HTTPS requests to different internal servers with separate SSL certificates, thus making it impossible for notaries to verify the certificate by making independent requests. He did not have a solution, but did point out that Citibank is the only site known to suffer from this problem.

But despite his concerns, Langley was not all negative; he praised the Convergence extension as something worthwhile for those who wish to use it, and said that by coding it, Marlinspike "has already done a thousand times more to address the problem than almost anyone else." For its part Mozilla seems equally non-committal towards including the Convergence system in the future. Daniel Veditz said in a comment on the Mozilla Security blog that he was "intrigued by the Perspectives/Convergence experiments and we're definitely watching to see how they work in practice and at scale. We have no plans to build either one into Firefox at this time." There does not appear to be any public comment on Convergence from either the Internet Explorer or Safari teams.

Regardless of whether or not it ever appears as a built-in option, reality is that users with a mistrust of the CA system can use Convergence today to completely replace the default certificate-verification mechanism in Firefox. For some, that will probably be enough. Unfortunately, since the Black Hat talk, there has been little in the way of developing Convergence further as an open source project. There is a mailing list that has only archived a few messages, and the documentation — particularly for the protocol — is sparse. There is clearly sufficient interest in replacing the CA system to spawn work on a distributed, open source solution, but whether it remains a niche service like Tor or survives to affect the mainstream Web is entirely up in the air.

Comments (3 posted)

Brief items

Security quotes of the week

The Chaos Computer Club has disassembled and analyzed the Trojan used by the German police for legal intercept. In its default mode, it takes regular screenshots of the active window and sends it to the police. It encrypts data in AES Electronic Codebook mode with -- are you ready? -- a fixed key across all versions. There's no authentication built in, so it's easy to spoof. It sends data to a command-and-control server in the U.S., which is almost certainly against German law. There's code to allow the controller to install additional software onto the target machine, but that's not authenticated either, so it would be easy to fool the Trojan into installing anything.
-- Bruce Schneier

Stuxnet was circulating for a long time before AV vendors stumbled over an infected system and were able to piece together the attack vector. The same could apply to Duqu. The happenstance of discovery may not reflect the sequence of release by the attackers. With that in mind, it could mean that Duqu was the tool for the information-gathering necessary for the targeted Stuxnet attack. Alternatively, Duqu could be the precursor to another SCADA-type attack. Or the events could be entirely independent.
-- Gunter Ollmann about Duqu, "son of Stuxnet" in Dark Reading

[1] Hilariously, Microsoft's signing tool gets this wrong by also adding the contents of gaps between sections in direct contravention of their own specification. This is fine for binaries generated by Microsoft's toolchain because they don't have any gaps, but since our binaries do contain gaps[2] and since the standard firmware implementation[3] does implement the specification correctly, any Linux-generated binaries signed with the Microsoft tool fail validation. Go team.
[2] Something that is, as far as we can tell, permitted by the PE-COFF specification
[3] Written by Intel, not Microsoft
-- Matthew Garrett's footnotes about Microsoft's Secure Boot implementation

Allow me to illustrate by turning the argument around in an equally cynical way, with an equally inflammatory rhetorical flourish:

People who make their living in the Linux ecosystem are demanding that Microsoft disable a key security feature planned for Windows 8 so that malware authors can continue to infect those PCs and drive their owners to alternate operating systems.

Oh, wait. Now that I think about it, that's actually pretty close to the truth.

-- Ed Bott misses the point

Comments (13 posted)

Garrett: Management of UEFI secure booting

Matthew Garrett reports on a proposed solution for the UEFI Secure Boot problem that was recently highlighted by the Free Software Foundation. "How does this avoid the problems associated with prompting the user to boot untrusted binaries? The first is that there's no problem with updates. Because a key has been imported, as long as future bootloader updates are signed with the same key, they'll boot without prompting the user. The second is that it can be limited to removable media. If malware infects the system and installs itself onto the hard drive, the firmware won't prompt for key installation. It'll just refuse to boot and fall back on whatever recovery procedures the OEM has implemented. The only way it could get on the system would involve the user explicitly booting off removable media, which would be a significant hurdle. If you're at that stage then you can also convince the user to disable secure boot entirely." LWN also took a look at the problem back in June.

Comments (14 posted)

New vulnerabilities

awstats: multiple vulnerabilities

Package(s):awstats CVE #(s):
Created:October 19, 2011 Updated:October 19, 2011
Description: Multiple flaws were reported in current versions of AWStats' script. See the Red Hat bugzilla for details.
Fedora FEDORA-2011-14025 awstats 2011-10-09
Fedora FEDORA-2011-13999 awstats 2011-10-09

Comments (none posted)

conky: privilege escalation

Package(s):conky CVE #(s):CVE-2011-3616
Created:October 14, 2011 Updated:October 19, 2011

From the Red Hat Bugzilla entry:

A Debian bug report [1],[2] indicated that conky is vulnerable to an arbitrary file overwrite flaw. In the getSkillname() function of the Eve plugin, there is a race condition between when the plugin checks for the existence of /tmp/.cesf and when it writes to the file, easily beaten because getXmlFromAPI() is called in between (which can take time due to network latency, etc.). If a user were able to beat the race and create a symlink of /tmp/.cesf to any file the user running conky had write access to, they could overwrite the contents of that file.

Gentoo 201110-09 conky 2011-10-13

Comments (none posted)

feh: arbitrary file creation

Package(s):feh CVE #(s):CVE-2011-1031
Created:October 14, 2011 Updated:October 19, 2011

From the CVE entry:

The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.

Gentoo 201110-08 feh 2011-10-13

Comments (none posted)

java: multiple vulnerabilities

Package(s):java-1.6.0-openjdk CVE #(s):CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560
Created:October 19, 2011 Updated:February 6, 2013
Description: From the Red Hat advisory:

A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556)

A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557)

A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially-crafted input. (CVE-2011-3521)

It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544)

A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551)

An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially-crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554)

It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560)

An information leak flaw was found in the InputStream.skip implementation. An untrusted Java application or applet could possibly use this flaw to obtain bytes skipped by other threads. (CVE-2011-3547)

A flaw was found in the Java HotSpot virtual machine. An untrusted Java application or applet could use this flaw to disclose portions of the VM memory, or cause it to crash. (CVE-2011-3558)

The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was configured to include the stack trace in error messages sent to clients. A remote client could possibly use this flaw to obtain sensitive information. (CVE-2011-3553)

It was found that Java applications running with SecurityManager restrictions were allowed to use too many UDP sockets by default. If multiple instances of a malicious application were started at the same time, they could exhaust all available UDP sockets on the system. (CVE-2011-3552)

Gentoo 201406-32 icedtea-bin 2014-06-29
Fedora FEDORA-2013-1898 java-1.6.0-openjdk 2013-02-05
Fedora FEDORA-2012-16351 java-1.6.0-openjdk 2012-10-18
SUSE SUSE-SU-2012:0602-1 IBM Java 1.5.0 2012-05-09
Red Hat RHSA-2012:0508-01 java-1.5.0-ibm 2012-04-23
SUSE SUSE-SU-2012:0114-2 IBM Java 1.6.0 2012-03-06
SUSE SUSE-SU-2012:0122-2 IBM Java 1.4.2 2012-02-23
Fedora FEDORA-2012-1690 java-1.7.0-openjdk 2012-02-15
SUSE SUSE-SU-2012:0122-1 IBM Java 1.4.2 2012-01-26
SUSE SUSE-SU-2012:0114-1 IBM Java 2012-01-23
Red Hat RHSA-2012:0034-01 java-1.6.0-ibm 2012-01-18
Red Hat RHSA-2012:0006-01 java-1.4.2-ibm 2012-01-09
Debian DSA-2358-1 openjdk-6 2011-12-05
SUSE SUSE-SU-2011:1298-1 IBM Java 2011-12-02
Debian DSA-2356-1 openjdk-6 2011-12-01
Red Hat RHSA-2011:1478-01 java-1.5.0-ibm 2011-11-24
Mandriva MDVSA-2011:170 java-1.6.0-openjdk 2011-11-11
Ubuntu USN-1263-1 icedtea-web, openjdk-6, openjdk-6b18 2011-11-16
Fedora FEDORA-2011-15555 java-1.7.0-openjdk 2011-11-07
Scientific Linux SL-java-20111019 java-1.6.0-sun 2011-10-19
Gentoo 201111-02 sun-jdk 2011-11-05
openSUSE openSUSE-SU-2011:1196-1 java-1_6_0-openjdk 2011-10-28
Scientific Linux SL-java-20111018 java-1.6.0-openjdk 2011-10-18
Fedora FEDORA-2011-14648 java-1.6.0-openjdk 2011-10-20
Fedora FEDORA-2011-14638 java-1.6.0-openjdk 2011-10-20
CentOS CESA-2011:1380 java-1.6.0-openjdk 2011-10-19
Red Hat RHSA-2011:1384-01 java-1.6.0-sun 2011-10-19
Red Hat RHSA-2011:1380-01 java-1.6.0-openjdk 2011-10-18

Comments (none posted)

krb5: multiple vulnerabilities

Package(s):krb5 CVE #(s):CVE-2011-1527 CVE-2011-1528 CVE-2011-1529
Created:October 19, 2011 Updated:January 5, 2012
Description: From the Red Hat advisory:

Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight Directory Access Protocol) or Berkeley Database (Berkeley DB) back end. A remote attacker could use these flaws to crash the KDC. (CVE-2011-1527, CVE-2011-1528, CVE-2011-1529)

Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2011-1527 issue. Upstream acknowledges Andrej Ota as the original reporter of CVE-2011-1527.

Gentoo 201201-13 mit-krb5 2012-01-23
Debian DSA-2379-1 krb5 2012-01-04
Fedora FEDORA-2011-14673 krb5 2011-10-20
Fedora FEDORA-2011-14650 krb5 2011-10-20
openSUSE openSUSE-SU-2011:1169-1 krb5 2011-10-24
Mandriva MDVSA-2011:160 krb5 2011-10-22
Mandriva MDVSA-2011:159 krb5 2011-10-22
Ubuntu USN-1233-1 krb5 2011-10-18
Scientific Linux SL-krb5-20111018 krb5 2011-10-18
Red Hat RHSA-2011:1379-01 krb5 2011-10-18

Comments (none posted)

ldns: arbitrary code execution

Package(s):ldns CVE #(s):CVE-2011-3581
Created:October 19, 2011 Updated:January 22, 2014
Description: From the Red Hat bugzilla:

It was reported that the ldns_rr_new_frm_str_internal() function of ldns, when parsing data of unknown RR types ("\#"), suffered from a boundary error. This could be exploited to cause a heap-based buffer overflow by parsing specially crafted DNS Resource Records, possibly leading to the execution of arbitrary code.

Gentoo 201401-25 ldns 2014-01-21
Debian DSA-2353-1 ldns 2011-11-24
openSUSE openSUSE-SU-2011:1161-1 ldns 2011-10-20
Fedora FEDORA-2011-13915 ldns 2011-10-07
Fedora FEDORA-2011-13929 ldns 2011-10-07

Comments (none posted)

libreoffice: arbitrary code execution

Package(s):libreoffice CVE #(s):CVE-2011-2685
Created:October 18, 2011 Updated:November 14, 2011
Description: From the CVE entry:

Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.

Ubuntu USN-1496-1 2012-07-02
Mandriva MDVSA-2011:172 libreoffice 2011-11-11
openSUSE openSUSE-SU-2011:1143-2 libreoffice 2011-10-18
openSUSE openSUSE-SU-2011:1143-1 libreoffice 2011-10-18

Comments (none posted)

php: unspecified vulnerability

Package(s):php5 CVE #(s):CVE-2011-3268
Created:October 17, 2011 Updated:October 19, 2011
Description: From the CVE entry:

Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.

Mandriva MDVSA-2012:071 php 2012-05-10
Mandriva MDVSA-2011:165 php 2011-11-03
openSUSE openSUSE-SU-2011:1138-1 php5 2011-10-17
openSUSE openSUSE-SU-2011:1137-1 php5 2011-10-17

Comments (none posted)

php: denial of service

Package(s):php5 CVE #(s):CVE-2011-3267
Created:October 17, 2011 Updated:October 19, 2011
Description: From the CVE entry:

PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.

Mandriva MDVSA-2012:071 php 2012-05-10
Debian DSA-2408-1 php5 2012-02-13
Mandriva MDVSA-2011:165 php 2011-11-03
Ubuntu USN-1231-1 php5 2011-10-18
openSUSE openSUSE-SU-2011:1138-1 php5 2011-10-17

Comments (none posted)

php: denial of service

Package(s):php5 CVE #(s):CVE-2011-1657
Created:October 18, 2011 Updated:October 19, 2011
Description: From the Ubuntu advisory:

Maksymilian Arciemowicz discovered that the ZipArchive functions addGlob() and addPattern() did not properly check their flag arguments. This could allow a malicious script author to cause a denial of service via application crash.

Mandriva MDVSA-2012:071 php 2012-05-10
Debian DSA-2408-1 php5 2012-02-13
Mandriva MDVSA-2011:165 php 2011-11-03
Ubuntu USN-1231-1 php5 2011-10-18

Comments (none posted)

phpPgAdmin: cross-site scripting

Package(s):phpPgAdmin CVE #(s):CVE-2011-3598
Created:October 13, 2011 Updated:October 19, 2011

From the Red Hat Bugzilla entry:

Multiple cross-site scripting (XSS) flaws were reported in phpPgAdmin:

  • the 'title' argument of a particular web page was not sanitized properly prior displaying the page header,
  • the return ULR ('return_url') and return link name ('return_desc') were not sanitized properly prior displaying the requested page data.

A remote attacker could provide a specially-crafted URL, which once visited by an unsuspecting phpPgAdmin user could lead to arbitrary HTML or web script execution.

openSUSE openSUSE-SU-2012:0493-1 phppgadmin 2012-04-12
Fedora FEDORA-2011-13801 phpPgAdmin 2011-10-05
Fedora FEDORA-2011-13805 phpPgAdmin 2011-10-05

Comments (none posted)

pidgin: denial of service

Package(s):pidgin CVE #(s):CVE-2011-3594
Created:October 14, 2011 Updated:January 9, 2012

From the Red Hat advisory:

An input sanitization flaw was found in the way the Pidgin SILC (Secure Internet Live Conferencing) protocol plug-in escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message. (CVE-2011-3594)

Gentoo 201206-11 pidgin 2012-06-21
Fedora FEDORA-2011-17546 pidgin 2011-12-30
Fedora FEDORA-2011-17558 pidgin 2011-12-30
Mandriva MDVSA-2011:183 pidgin 2011-12-10
openSUSE openSUSE-SU-2011:1291-1 pidgin 2011-12-01
Ubuntu USN-1273-1 pidgin 2011-11-21
CentOS CESA-2011:1371 pidgin 2011-11-09
CentOS CESA-2011:1371 pidgin 2011-10-14
Scientific Linux SL-pidg-20111013 pidgin 2011-10-13
Red Hat RHSA-2011:1371-01 pidgin 2011-10-13

Comments (none posted)

quassel: insecure installation permissions

Package(s):quassel CVE #(s):
Created:October 14, 2011 Updated:October 19, 2011

From the Ubuntu advisory:

Felix Geyer discovered that the quassel-core post installation script created data and logging directories which were readable by all users. The post installation script also generated a certificate, in the data directory, which was readable by all users.

Ubuntu USN-1230-1 quassel 2011-10-14

Comments (none posted)

tomcat: authentication bypass

Package(s):tomcat CVE #(s):CVE-2011-3190
Created:October 17, 2011 Updated:February 2, 2012
Description: From the CVE entry:

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Mageia MGASA-2012-0189 tomcat6 2012-08-02
Gentoo 201206-24 tomcat 2012-06-24
Debian DSA-2401-1 tomcat6 2012-02-02
CentOS CESA-2011:1780 tomcat6 2011-12-22
Scientific Linux SL-tomc-20111205 tomcat6 2011-12-05
Oracle ELSA-2011-1780 tomcat6 2011-12-05
Red Hat RHSA-2011:1780-01 tomcat6 2011-12-05
Ubuntu USN-1252-1 tomcat6 2011-11-08
Fedora FEDORA-2011-13457 tomcat6 2011-09-29
Mandriva MDVSA-2011:156 tomcat5 2011-10-18
openSUSE openSUSE-SU-2011:1134-1 tomcat 2011-10-17

Comments (none posted)

tomcat: multiple vulnerabilities

Package(s):tomcat5 CVE #(s):CVE-2011-1184
Created:October 18, 2011 Updated:August 10, 2012
Description: From the Mandriva advisory:

The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses.

Mageia MGASA-2012-0189 tomcat6 2012-08-02
Fedora FEDORA-2012-7258 tomcat6 2012-08-09
Fedora FEDORA-2012-7593 tomcat6 2012-08-09
Gentoo 201206-24 tomcat 2012-06-24
Oracle ELSA-2012-0474 tomcat5 2012-04-12
openSUSE openSUSE-SU-2012:0208-1 tomcat6 2012-02-09
SUSE SUSE-SU-2012:0155-1 tomcat6 2012-02-07
Debian DSA-2401-1 tomcat6 2012-02-02
CentOS CESA-2011:1780 tomcat6 2011-12-22
CentOS CESA-2011:1845 tomcat5 2011-12-20
Oracle ELSA-2011-1845 tomcat5 2011-12-20
Scientific Linux SL-tomc-20111220 tomcat5 2011-12-20
Red Hat RHSA-2011:1845-01 tomcat5 2011-12-20
Scientific Linux SL-tomc-20111205 tomcat6 2011-12-05
Oracle ELSA-2011-1780 tomcat6 2011-12-05
Red Hat RHSA-2011:1780-01 tomcat6 2011-12-05
Ubuntu USN-1252-1 tomcat6 2011-11-08
Fedora FEDORA-2011-15005 tomcat6 2011-10-27
Mandriva MDVSA-2011:156 tomcat5 2011-10-18

Comments (none posted)

unbound: denial of service

Package(s):unbound CVE #(s):CVE-2010-0969
Created:October 17, 2011 Updated:October 19, 2011
Description: From the CVE entry:

Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

Gentoo 201110-12 unbound 2011-10-15

Comments (none posted)

xorg-server: xserver locking vulnerabilities

Package(s):xorg-server CVE #(s):CVE-2011-4028 CVE-2011-4029
Created:October 18, 2011 Updated:July 11, 2012
Description: Two vulnerabilities have been discovered in the code handling the X server lock that forbids two X servers from serving the same display simultaneously. This advisory has the details.
Fedora FEDORA-2015-3948 nx-libs 2015-03-26
Fedora FEDORA-2015-3964 nx-libs 2015-03-26
Mandriva MDVSA-2013:260 x11-server 2013-10-28
CentOS CESA-2012:0939 xorg-x11-server 2012-07-10
Scientific Linux SL-xorg-20120709 xorg-x11-server 2012-07-09
Oracle ELSA-2012-0939 xorg-x11-server 2012-07-02
Scientific Linux SL-xorg-20120321 xorg-x11-server 2012-03-21
Oracle ELSA-2012-0303 xorg-x11-server 2012-03-07
Red Hat RHSA-2012:0303-03 xorg-x11-server 2012-02-21
openSUSE openSUSE-SU-2012:0227-1 xorg-x11-server 2012-02-09
Red Hat RHSA-2012:0939-04 xorg-x11-server 2012-06-20
SUSE SUSE-SU-2011:1292-1 xorg-x11-server 2011-12-02
Gentoo 201110-19 xorg-server 2011-10-22
Ubuntu USN-1232-2 xorg-server 2011-10-19
Ubuntu USN-1232-1 xorg-server 2011-10-18

Comments (none posted)

Page editor: Jake Edge
Next page: Kernel development>>

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds