Bug 428207 - (CVE-2007-6591) CVE-2007-6591 konqueror: Certificate accepted for alt names, when only common name is shown
CVE-2007-6591 konqueror: Certificate accepted for alt names, when only common...
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
public=20071118,reported=20080109,sou...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-09 17:38 EST by Red Hat Product Security
Modified: 2015-02-19 04:16 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-02-17 10:23:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lubomir Kundrak 2008-01-09 17:38:51 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6591 to the following vulnerability:

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

References:

http://www.securityfocus.com/archive/1/archive/1/483929/100/100/threaded
http://www.securityfocus.com/archive/1/archive/1/483960/100/100/threaded
http://www.securityfocus.com/archive/1/archive/1/483937/100/100/threaded
http://nils.toedtmann.net/pub/subjectAltName.txt
Comment 1 Lubomir Kundrak 2008-01-09 17:40:03 EST
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6591

The Red Hat Security Response Team has rated this issue as having low security
impact, a future update may address this flaw.  More information regarding issue
severity can be found here:
http://www.redhat.com/security/updates/classification/#low
Comment 3 Red Hat Bugzilla 2009-10-23 15:04:14 EDT
Reporter changed to security-response-team@redhat.com by request of Jay Turner.
Comment 4 Vincent Danen 2010-12-22 18:42:39 EST
The upstream bug report is here:

http://bugs.kde.org/show_bug.cgi?id=154921

By the sounds of things, this was fixed in 4.0.x; at least in 4.0.3 it seems to prevent this behaviour (either on purpose or by accident).  There doesn't seem to be any further details available.
Comment 5 Vincent Danen 2015-02-17 10:23:59 EST
Statement:

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Note You need to log in before you can comment on or make changes to this bug.