| 2012-02-02 19:16:43 |
Jamie Strandboge |
bug |
|
|
added bug |
| 2012-02-02 19:16:53 |
Jamie Strandboge |
visibility |
private |
public |
|
| 2012-02-02 19:17:18 |
Jamie Strandboge |
description |
freerdp in 1.0 added a lot of SSL/X509 certification verification, which is excellent. However, x509_verify_cert() in libfreerdp-core/crypto.c does not validate that the server's hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field, which makes it easier to perform main in the middle attacks.
tls_verify_certificate() in libfreerdp-core/tls.c also suffers from the same deficiency when it falls back to verifying a certificate that was added to freerdp's certificate store.
As freerdp is new and I don't think anyone has released with it yet, I am not going to issue a CVE at this time. This fix should also be coordinated with Debian unstable since they also have 1.0.
People interested in fixing this might want to consult http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4318.html for reference. |
freerdp in 1.0 added a lot of SSL/X509 certification verification, which is excellent. However, x509_verify_cert() in libfreerdp-core/crypto.c does not validate that the server's hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field, which makes it easier to perform man in the middle attacks.
tls_verify_certificate() in libfreerdp-core/tls.c also suffers from the same deficiency when it falls back to verifying a certificate that was added to freerdp's certificate store.
As freerdp is new and I don't think anyone has released with it yet, I am not going to issue a CVE at this time. This fix should also be coordinated with Debian unstable since they also have 1.0.
People interested in fixing this might want to consult http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4318.html for reference. |
|
| 2012-02-02 19:22:21 |
Jamie Strandboge |
summary |
freerdp does not check the CommonName when verifying ssl certificates |
freerdp does not check the server's hostname when verifying ssl certificates |
|
| 2012-02-02 19:26:37 |
Jamie Strandboge |
freerdp (Ubuntu): importance |
Undecided |
High |
|
| 2012-02-02 19:27:27 |
Jamie Strandboge |
summary |
freerdp does not check the server's hostname when verifying ssl certificates |
[precise] freerdp does not check the server's hostname when verifying ssl certificates |
|
| 2012-02-02 19:27:53 |
Jamie Strandboge |
description |
freerdp in 1.0 added a lot of SSL/X509 certification verification, which is excellent. However, x509_verify_cert() in libfreerdp-core/crypto.c does not validate that the server's hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field, which makes it easier to perform man in the middle attacks.
tls_verify_certificate() in libfreerdp-core/tls.c also suffers from the same deficiency when it falls back to verifying a certificate that was added to freerdp's certificate store.
As freerdp is new and I don't think anyone has released with it yet, I am not going to issue a CVE at this time. This fix should also be coordinated with Debian unstable since they also have 1.0.
People interested in fixing this might want to consult http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4318.html for reference. |
freerdp in 1.0 added a lot of SSL/X509 certification verification, which is excellent. However, x509_verify_cert() in libfreerdp-core/crypto.c does not validate that the server's hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field, which makes it easier to perform man in the middle attacks.
tls_verify_certificate() in libfreerdp-core/tls.c also suffers from the same deficiency when it falls back to verifying a certificate that was added to freerdp's certificate store.
As freerdp 1.0 is new and I don't think anyone has released with it yet, I am not going to issue a CVE at this time. This fix should also be coordinated with Debian unstable since they also have 1.0.
People interested in fixing this might want to consult http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4318.html for reference. |
|
| 2012-02-03 05:17:23 |
Martin Pitt |
bug |
|
|
added subscriber Martin Pitt |
| 2012-02-03 08:36:03 |
Stéphane Verdy |
bug |
|
|
added subscriber Stéphane Verdy |
| 2012-02-03 09:24:52 |
Nerd_bloke |
bug |
|
|
added subscriber Nerd_bloke |
| 2012-02-03 16:38:36 |
marcandre.moreau |
bug |
|
|
added subscriber marcandre.moreau |
| 2012-02-09 09:37:01 |
David Planella |
bug |
|
|
added subscriber David Planella |
| 2012-02-10 02:59:15 |
Jamie Strandboge |
freerdp (Ubuntu): status |
New |
In Progress |
|
| 2012-02-10 02:59:23 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Precise |
|
| 2012-02-10 02:59:23 |
Jamie Strandboge |
bug task added |
|
freerdp (Ubuntu Precise) |
|
| 2012-02-10 02:59:31 |
Jamie Strandboge |
freerdp (Ubuntu Precise): milestone |
|
ubuntu-12.04-beta-1 |
|
| 2012-02-10 02:59:58 |
Jamie Strandboge |
tags |
|
rls-mgr-p-tracking |
|
| 2012-02-10 19:31:42 |
Jeremy Bícha |
bug |
|
|
added subscriber Jeremy Bicha |
| 2012-02-11 18:43:05 |
Martin Pitt |
freerdp (Ubuntu Precise): status |
In Progress |
Fix Released |
|
