Computer Security
[EN] no-pyccku

DigiNotar fraudulent certificates
updated since 01.09.2011
SecurityVulns ID:11889
Threat Level:
Description:Well known domain names certificates were issued to untrusted party.
Affected:MOZILLA : SeaMonkey 2.3
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 APPLE : MacOS X 10.6
 MOZILLA : Firefox 3.6
 MOZILLA : Thunderbird 3.1
 OPENSSL : OpenSSL 1.0
 MOZILLA : Thunderbird 6.0
 MOZILLA : Firefox 6.0
CVE:CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2309-1] openssl security update (16.09.2011)
 documentAPPLE, APPLE-SA-2011-09-09-1 Security Update 2011-005 (13.09.2011)
Files:Microsoft Security Advisory (2607712) Fraudulent Digital Certificates Could Allow Spoofing
 Mozilla Foundation Security Advisory 2011-35 Additional protection against fraudulent DigiNotar certificates
 Mozilla Foundation Security Advisory 2011-34 Protection against fraudulent DigiNotar certificates

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod