Bug 630063 – CVE-2010-5076 Qt: QSslSocket incorrect handling of IP wildcards in certificate Common Name

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 630063 - (CVE-2010-5076) CVE-2010-5076 Qt: QSslSocket incorrect handling of IP wildcards in certificate Common Name

Summary:	CVE-2010-5076 Qt: QSslSocket incorrect handling of IP wildcards in certificat...

Status:	CLOSED ERRATA

Aliases:	CVE-2010-5076

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=low,public=20100714,reported=2...
Keywords:	Security

Depends On:	805433
Blocks:	784298
	Show dependency tree / graph

Reported:	2010-09-03 11:53 EDT by Jan Lieskovsky
Modified:	2012-06-20 10:49 EDT (History)
CC List:	2 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-06-20 06:09:28 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2012:0880	normal	SHIPPED_LIVE	Moderate: qt security and bug fix update	2012-06-19 15:50:56 EDT

Groups: None (edit)

Description Jan Lieskovsky 2010-09-03 11:53:02 EDT

Richard Moore and Simon Ward reported flaw in the way Qt software toolkit
handled wildcard characters in the Common Name field of a x509v3 digital
certificate. If an attacker is able to get a carefully-crafted certificate,
signed by a Certificate Authority trusted by Konqueror / Arora web browsers, 
the attacker could use the certificate during the man-in-the-middle attack 
and potentially confuse Konqueror / Arora into accepting it by mistake. 
Different vulnerability than CVE-2009-2408.

References:
 [1] http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt
 [2] http://bugs.gentoo.org/show_bug.cgi?id=335730

Comment 17 Tomas Hoger 2010-09-13 04:36:18 EDT

Upstream commit addressing this issue:
  http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e

KDE code re-implements name checking code in KIO::TCPSlaveBase, following KDE commit changes that code to address wp-10-0001 as well as the issue with * wilcard matching more than one host name label (see QTBUG-4455 or bug #520435, comment #2):

  http://websvn.kde.org/?view=revision&revision=1173851 (trunk)
  http://websvn.kde.org/?view=revision&revision=1173904 (4.4)

Comment 18 Tomas Hoger 2010-09-27 05:57:24 EDT

(In reply to comment #17)
> Upstream commit addressing this issue:
>   http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e

This patch has to be applied after:
  http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0

which is a fix for:
  http://bugreports.qt.nokia.com/browse/QTBUG-4455 (see bug #520435, comment #2)

Comment 20 Huzaifa S. Sidhpurwala 2012-03-21 05:53:37 EDT

This issue has been assigned CVE-2010-5076

Comment 26 errata-xmlrpc 2012-06-20 03:18:23 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0880 https://rhn.redhat.com/errata/RHSA-2012-0880.html

Note You need to log in before you can comment on or make changes to this bug.