Computer Security
[EN] securityvulns.ru
no-pyccku

  

DigiNotar fraudulent certificates
updated since 01.09.2011
Published:16.09.2011
Source:
SecurityVulns ID:11889
Type:remote
Threat Level:
6/10
Description:Well known domain names certificates were issued to untrusted party.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 APPLE : MacOS X 10.6
 MOZILLA : Firefox 3.6
 MOZILLA : Thunderbird 3.1
 OPENSSL : OpenSSL 1.0
 MOZILLA : Thunderbird 6.0
 MOZILLA : Firefox 6.0
 MOZILLA : SeaMonkey 2.3
CVE:CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2309-1] openssl security update (16.09.2011)
 documentAPPLE, APPLE-SA-2011-09-09-1 Security Update 2011-005 (13.09.2011)
Files:Mozilla Foundation Security Advisory 2011-34 Protection against fraudulent DigiNotar certificates
 Microsoft Security Advisory (2607712) Fraudulent Digital Certificates Could Allow Spoofing
 Mozilla Foundation Security Advisory 2011-35 Additional protection against fraudulent DigiNotar certificates

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru