ignore security and it'll go away
Showing 1 - 3 of 3 RSS Feed

CVE-2011-0228

Status Candidate

Overview

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.

Related Files

iOS SSL Implementation Certificate Validation Fail
Posted Jul 26, 2011
Authored by Trustwave | Site trustwave.com

iOS's SSL certificate parsing contains a flaw where it fails to check the basicConstraints parameter of certificates in the chain. By signing a new certificate using a legitimate end entity certificate, an attacker can obtain a "valid" certificate for any domain.

tags | advisory
systems | cisco
advisories | CVE-2011-0228
MD5 | cad2b8a6a5faf20d71d6e52b4f2aaac8
Apple Security Advisory 2011-07-25-1
Posted Jul 25, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-07-25-1 - A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains. The iOS 4.3.5 software update addresses this issue.

tags | advisory
systems | cisco, apple
advisories | CVE-2011-0228
MD5 | c46cdafe5ad8125ff2eaa0fd7bfd0f88
Apple Security Advisory 2011-07-25-2
Posted Jul 25, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-07-25-2 - The iOS 4.2.10 software update addresses a certificate chain validation issue. The issue existed in the handling of X.509 certificates where an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.

tags | advisory
systems | cisco, apple
advisories | CVE-2011-0228
MD5 | 736bedc8371f319d7a74a634f26455b2
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close