385667 – (CVE 2011-3365) <kde-base/kde 4.x KSSL Certificate Text Format Enforce Vulnerability (CVE 2011-3365)

Bug 385667 - (CVE 2011-3365) <kde-base/kde 4.x KSSL Certificate Text Format Enforce Vulnerability (CVE 2011-3365)

Summary: (CVE 2011-3365) <kde-base/kde 4.x KSSL Certificate Text Format Enforce Vulner...

Status:	RESOLVED DUPLICATE of bug 384227

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:	http://www.kde.org/info/security/advi...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-10-04 21:39 UTC by Michael Harrison
Modified:	2011-10-04 22:20 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Harrison 2011-10-04 21:39:45 UTC

The vulnerability is caused due to KSSL not properly setting the text format when displaying certificate information, which can be exploited to spoof certificates via e.g. certificates containing specially crafted RTF data in the Common Name (CN) field.

Comment 1 Agostino Sarubbo gentoo-dev

2011-10-04 22:20:40 UTC

Hi, thanks for your interest, but check if the bug is already opened.

*** This bug has been marked as a duplicate of bug 384227 ***