TITLE:
Entrust ESP Certificate Path Validation Security Issue

SECUNIA ADVISORY ID:
SA26630

VERIFY ADVISORY:
http://secunia.com/advisories/26630/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Spoofing

WHERE:
From remote

SOFTWARE:
Entrust Entelligence Security Provider 8.x
http://secunia.com/product/13733/

DESCRIPTION:
A security issue has been reported in Entrust Entelligence Security Provider (ESP), which can lead to untrusted certificates misleadingly being displayed as trustworthy.

The security issue is caused by an error in the handling of flags and error states in Security Provider when the Path Building and Validation modules are installed. This can lead to untrusted certificates wrongly being displayed as trusted and, e.g., to users connecting to an untrusted SSL server or using an untrusted public key.

The error can occur when:
• a certificate path is incomplete and does not chain to the root certificate,
• an application requests a path validation and indicates that an unknown revocation status should not cause the path validation to fail, or
• the application indicates that certain errors in the certificate path should be ignored.
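The following is an added illustration, not Entrust code and not part of the advisory, of how an application's "ignore" flags should be applied to path validation error states so that a waiver for one error cannot turn an incomplete chain into a trusted result. All names and flag values are hypothetical, and the weak variant is a constructed pattern, since the advisory does not detail the actual defect.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical error-state bits for a path validation result (not Entrust's API). */
enum {
    ERR_INCOMPLETE_CHAIN   = 1u << 0, /* path does not reach a trusted root */
    ERR_REVOCATION_UNKNOWN = 1u << 1, /* revocation status could not be determined */
    ERR_EXPIRED            = 1u << 2,
    ERR_NAME_MISMATCH      = 1u << 3
};

/* Errors a caller may waive; an incomplete chain is deliberately excluded. */
#define WAIVABLE (ERR_REVOCATION_UNKNOWN | ERR_EXPIRED | ERR_NAME_MISMATCH)

/* Weak pattern (constructed): any waiver request clears the whole error state. */
bool trusted_weak(uint32_t errors, uint32_t ignore)
{
    if (ignore != 0)
        errors = 0;
    return errors == 0;
}

/* Errors that remain after removing only the waivable bits the caller named. */
uint32_t residual_errors(uint32_t errors, uint32_t ignore)
{
    return errors & ~(ignore & WAIVABLE);
}

/* Hardened: trusted only if no error survives the caller's specific waivers. */
bool trusted_strict(uint32_t errors, uint32_t ignore)
{
    return residual_errors(errors, ignore) == 0;
}

int main(void)
{
    /* Constructed case: incomplete chain, caller tolerates unknown revocation. */
    uint32_t errors = ERR_INCOMPLETE_CHAIN | ERR_REVOCATION_UNKNOWN;
    uint32_t ignore = ERR_REVOCATION_UNKNOWN;
    printf("weak:   %s\n", trusted_weak(errors, ignore) ? "trusted" : "untrusted");
    printf("strict: %s\n", trusted_strict(errors, ignore) ? "trusted" : "untrusted");
    return 0;
}
```
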

The security issue is reported in Entrust Entelligence Security Provider 8 running on the following platforms:
• Microsoft Windows 2000 Professional SP4
• Microsoft Windows XP SP1, SP1a, or SP2 (Professional/Home/Tablet 32-bit editions)
• Microsoft Windows Vista - All 32-bit editions
• Microsoft Windows 2000 Server SP4
• Microsoft Windows Server 2003 SP1/R2 - All 32-bit editions

SOLUTION:
Apply patch 132192 (available in the customer portal).

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.