KDE Security Dialog Spoofing Vulnerability in KDE SC by KDE
CVE-2011-3365

Currently unrated

Key Information:

Vendor: Kde
Status: Kde Sc
Vendor: CVE Published:; 29 November 2011

What is CVE-2011-3365?

The KDE SSL Wrapper (KSSL) API in KDE SC versions 4.6.0 through 4.7.1, and possibly earlier versions, contains a security flaw that allows remote attackers to exploit a rendering issue in the security dialog. This flaw enables attackers to spoof the common name (CN) of a certificate by utilizing rich text formatting. Users may be misled into trusting deceptive certificate information, exposing them to potential security risks.

References

https://bugzilla.redhat.com/show_bug.cgi?id=743054

x_refsource_CONFIRM

http://www.redhat.com/support/errata/RHSA-2011-1385.html

vendor-advisoryx_refsource_REDHAT

http://www.kde.org/info/security/advisory-20111003-1.txt

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 29, 2011
Vulnerability Reserved
Aug 30, 2011

CVE-2011-3365 Data

JSON

Kde

What is CVE-2011-3365?

References

Timeline