Bug 428207 (CVE-2007-6591)

Summary: CVE-2007-6591 konqueror: Certificate accepted for alt names, when only common name is shown
Product: [Other] Security Response Reporter: Red Hat Product Security <security-response-team>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jrusnack, than
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6591
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-17 15:23:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lubomir Kundrak 2008-01-09 22:38:51 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6591 to the following vulnerability:

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

References:

http://www.securityfocus.com/archive/1/archive/1/483929/100/100/threaded
http://www.securityfocus.com/archive/1/archive/1/483960/100/100/threaded
http://www.securityfocus.com/archive/1/archive/1/483937/100/100/threaded
http://nils.toedtmann.net/pub/subjectAltName.txt
Comment 1 Lubomir Kundrak 2008-01-09 22:40:03 UTC 
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6591

The Red Hat Security Response Team has rated this issue as having low security
impact, a future update may address this flaw.  More information regarding issue
severity can be found here:
http://www.redhat.com/security/updates/classification/#low
Comment 3 Red Hat Bugzilla 2009-10-23 19:04:14 UTC 
Reporter changed to security-response-team by request of Jay Turner.
Comment 4 Vincent Danen 2010-12-22 23:42:39 UTC 
The upstream bug report is here:

http://bugs.kde.org/show_bug.cgi?id=154921

By the sounds of things, this was fixed in 4.0.x; at least in 4.0.3 it seems to prevent this behaviour (either on purpose or by accident).  There doesn't seem to be any further details available.
Comment 5 Vincent Danen 2015-02-17 15:23:59 UTC 
Statement:

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.