Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2004-0004
Last Modified 05 Sep 2008 04:37:16
Published 17 Feb 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0004

Summary

The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.

Vulnerable Systems

Application

  • OpenCA 0.9.1.6


References

CERT-VN - VU#336446

BID - 9435

CONFIRM - http://www.openca.org/news/CAN-2004-0004.txt

XF - openca-improper-signature-verification(14847)

OSVDB - 3615

BUGTRAQ - 20040116 [OpenCA Advisory] Vulnerability in signature verification


Last Updated: 27 May 2016 10:38:26