Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2761

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2761
Last Modified 19 Nov 2010 12:27:20
Published 05 Jan 2009 03:30:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2761

Summary

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

Vulnerable Systems

Application

  • Ietf Md5


References

CERT-VN - VU#836068

FEDORA - FEDORA-2009-1276

REDHAT - RHSA-2010:0838

REDHAT - RHSA-2010:0837

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=648886

MISC - https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php

MISC - http://www.win.tue.nl/hashclash/SoftIntCodeSign/

MISC - http://www.win.tue.nl/hashclash/rogue-ca/

UBUNTU - USN-740-1

BID - 33065

BUGTRAQ - 20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate

MISC - http://www.phreedom.org/research/rogue-ca/

MISC - http://www.microsoft.com/technet/security/advisory/961509.mspx

MISC - http://www.doxpara.com/research/md5/md5_someday.pdf

CISCO - 20090115 MD5 Hashes May Allow for Certificate Spoofing

SECTRACK - 1024697

SREASON - 4866

SECUNIA - 42181

SECUNIA - 34281

SECUNIA - 33826

MISC - http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx

MISC - http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/


Last Updated: 27 May 2016 10:39:37