KDE KSSL Vulnerability in kdelibs Affected by SSL Spoofing
CVE-2009-2702

Currently unrated

Key Information:

Vendor: KDE

Status
Vendor
CVE Published: 8 September 2009

What is CVE-2009-2702?

The KDE KSSL component within kdelibs versions 3.5.4, 4.2.4, and 4.3 has a flaw that improperly handles the null character ('\0') in domain names located in the Subject Alternative Name field of X.509 certificates. This vulnerability could enable man-in-the-middle attackers to compromise SSL communications by spoofing valid SSL servers with specially crafted certificates that are issued by legitimate Certification Authorities. This issue is related to CVE-2009-2408.
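The flaw class described above, shown as an added example (not KSSL's actual code): a hostname check that treats a length-prefixed Subject Alternative Name entry as a C string, next to a length-aware check that rejects embedded NUL bytes. The struct, function names and sample values are assumptions made for illustration, and wildcard matching is left out.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A dNSName entry as decoded from a certificate: raw bytes plus an explicit
 * length. ASN.1 strings are length-prefixed, not NUL-terminated. */
struct san_entry {
    const unsigned char *data;
    size_t len;
};

/* Flawed pattern: C-string comparison stops at the first '\0', so any bytes
 * after it are ignored. (Assumes the buffer is NUL-terminated somewhere.) */
int match_naive(const struct san_entry *san, const char *host)
{
    return strcasecmp((const char *)san->data, host) == 0;
}

/* Length-aware check: reject an entry containing an embedded NUL, then
 * require the full decoded length to equal the hostname length. */
int match_strict(const struct san_entry *san, const char *host)
{
    if (memchr(san->data, '\0', san->len) != NULL)
        return 0;
    if (san->len != strlen(host))
        return 0;
    return strncasecmp((const char *)san->data, host, san->len) == 0;
}

/* Constructed sample values, not taken from any real certificate. */
static const unsigned char crafted[] = "www.example.org\0.untrusted.example";
static const unsigned char clean[]   = "www.example.org";

const struct san_entry SAN_CRAFTED = { crafted, sizeof(crafted) - 1 };
const struct san_entry SAN_CLEAN   = { clean,   sizeof(clean) - 1 };

int main(void)
{
    const char *host = "www.example.org";
    printf("naive,  crafted entry: %d\n", match_naive(&SAN_CRAFTED, host));
    printf("strict, crafted entry: %d\n", match_strict(&SAN_CRAFTED, host));
    printf("strict, clean entry:   %d\n", match_strict(&SAN_CLEAN, host));
    return 0;
}
```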


Timeline

  • Vulnerability published

  • Vulnerability Reserved
