Showing 1 - 4 of 4

CVE-2014-3504

Status Candidate

Overview

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Related Files

Gentoo Linux Security Advisory 201610-05: Posted Oct 12, 2016; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201610-5 - Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code. Versions less than 1.9.4 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2014-0032, CVE-2014-3504, CVE-2014-3522, CVE-2014-3528, CVE-2015-0202, CVE-2015-0248, CVE-2015-0251, CVE-2015-3184, CVE-2015-3187, CVE-2015-5259, CVE-2016-2167, CVE-2016-2168; SHA-256 | 6fc3d8b062f4dd9dd7a5b8d8121065ad62aa138fd8e27bec35dc5e71fb9cd7e8; Download | Favorite | View

Mandriva Linux Security Advisory 2015-127: Posted Mar 30, 2015; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2015-127 - Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.; tags | advisory, remote; systems | linux, mandriva; advisories | CVE-2014-3504; SHA-256 | c2afdf6df232dfa0f1e7f2d6a4b68eb64ea16f42e60c5be7a833ec29608114c8; Download | Favorite | View

Mandriva Linux Security Advisory 2014-166: Posted Sep 2, 2014; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2014-166 - Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.; tags | advisory, remote; systems | linux, mandriva; advisories | CVE-2014-3504; SHA-256 | 12079b09a2f77f4dd2d0d59a4ecbb786e81a328e62175d579ca8fa9038067cf5; Download | Favorite | View

Ubuntu Security Notice USN-2315-1: Posted Aug 14, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2315-1 - Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2014-3504; SHA-256 | 4bdcba1f94fef85007b55290e9cc8ceb6ab7a331befa81d3031e5fabd3a1fc31; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 349 files
Ubuntu 62 files
Gentoo 33 files
Debian 24 files
Apple 9 files
malvuln 6 files
nu11secur1ty 5 files
Ahmet Umit Bayram 4 files
Jann Horn 4 files
Adam Gowdiak 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,047)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,500)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,819)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,935)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,527)
UNIX (9,407)
UnixWare (187)
Windows (6,660)
Other

CVE-2014-3504

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems