Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5965

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-5965
Last Modified 07 Mar 2011 10:01:34
Published 07 Jan 2008 08:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5965

Summary

QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user.

Vulnerable Systems

Application

  • Trolltech Qsslsocket 4.3.0

  • Trolltech Qsslsocket 4.3.1

  • Trolltech Qsslsocket 4.3.2


References

CONFIRM - http://trolltech.com/company/newsroom/announcements/press.2007-12-21.2182567220

FEDORA - FEDORA-2007-4354

FEDORA - FEDORA-2007-4285

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=427232

VUPEN - ADV-2008-0018

SECUNIA - 28321

SECUNIA - 28228

UBUNTU - USN-579-1

BID - 27112

SUSE - SUSE-SR:2008:002

MANDRIVA - MDVSA-2008:042

SECUNIA - 28999

SECUNIA - 28636


Last Updated: 27 May 2016 10:46:20