Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2011-3365
Last Modified 18 Jan 2012 10:59:28
Published 29 Nov 2011 12:55:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3365

Summary

The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

Vulnerable Systems

Application

  • KDE SC 4.6.0

  • KDE SC 4.6.1

  • KDE SC 4.6.2

  • KDE SC 4.6.3

  • KDE SC 4.6.4

  • KDE SC 4.6.5

  • KDE SC 4.7.0

  • KDE SC 4.7.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=743054

REDHAT - RHSA-2011:1385

REDHAT - RHSA-2011:1364

CONFIRM - http://www.kde.org/info/security/advisory-20111003-1.txt

MANDRIVA - MDVSA-2011:162


Last Updated: 27 May 2016 10:57:22