what you don't know can hurt you
Showing 1 - 2 of 2 RSS Feed

CVE-2010-5076

Status Candidate

Overview

QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Related Files

Ubuntu Security Notice USN-1504-1
Posted Jul 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1504-1 - It was discovered that Qt did not properly handle wildcard domain names or IP addresses in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 10.04 LTS. A heap-based buffer overflow was discovered in the HarfBuzz module. If a user were tricked into opening a crafted font file in a Qt application, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-5076, CVE-2011-3193, CVE-2011-3194, CVE-2010-5076, CVE-2011-3193, CVE-2011-3194
MD5 | a9997166b739037023557de2955c6ae7
Red Hat Security Advisory 2012-0880-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0880-04 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A flaw was found in the way Qt handled X.509 certificates with IP address wildcards. An attacker able to obtain a certificate with a Common Name containing an IP wildcard could possibly use this flaw to impersonate an SSL server to client applications that are using Qt. This update also introduces more strict handling for hostname wildcard certificates by disallowing the wildcard character to match more than one hostname component.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2010-5076, CVE-2011-3922
MD5 | 659dc61af3decae8b5765c3cf1ac546f
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    4 Files
  • 21
    Oct 21st
    2 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close