Computer Security
[EN] securityvulns.ru
no-pyccku



DigiNotar fraudulent certificates
updated since 01.09.2011
Published:16.09.2011
Source:MOZILLA
SecurityVulns ID:11889
Type:remote
Level:6/10
Description:Well known domain names certificates were issued to untrusted party.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 APPLE : MacOS X 10.6
 MOZILLA : Firefox 3.6
 MOZILLA : Thunderbird 3.1
 OPENSSL : OpenSSL 1.0
 MOZILLA : Thunderbird 6.0
 MOZILLA : Firefox 6.0
 MOZILLA : SeaMonkey 2.3
CVE:CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2309-1] openssl security update (16.09.2011)
 documentAPPLE, APPLE-SA-2011-09-09-1 Security Update 2011-005 (13.09.2011)
Files:Mozilla Foundation Security Advisory 2011-34 Protection against fraudulent DigiNotar certificates
 Microsoft Security Advisory (2607712) Fraudulent Digital Certificates Could Allow Spoofing
 Mozilla Foundation Security Advisory 2011-35 Additional protection against fraudulent DigiNotar certificates
Discuss:Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru