Vulnerabilities > CVE-2008-1676 - Credentials Management vulnerability in Netscape Certificate Management System 6.0/6.01/6.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
redhat
netscape
CWE-255

Summary

Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.

Common Weakness Enumeration (CWE)

Redhat

advisories
  • rhsa
    idRHSA-2008:0500
  • rhsa
    idRHSA-2008:0577
rpms
  • rhpki-common-0:7.3.0-29.el4
  • rhpki-common-0:7.2.0-11

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 30062 CVE ID:CVE-2008-1676 CNCVE ID:CNCVE-20081676 Red Hat Certificate System用于确保用户的身份以及通讯的私密性的证书系统。 Red Hat Certificate System在处理证书签名请求(csr)时存在缺陷,远程攻击者可以利用漏洞绕过安全策略进行中间人等攻击。 在证书签名请求中处理扩展存在缺陷,即使在证书授权档案文件中强制定义,所有请求扩展也会增加到发布的证书中。即使CA配置成禁止使用次级CA证书的情况下,攻击者可以针对次级CA证书发布一个CSR。这可导致绕过安全策略,放大针对使用RedHat证书管理的可信证书授权用户的中间人攻击威胁。 RedHat Certificate Server 7.3 RedHat Certificate Server 7.2 可参考如下安全公告获得补丁信息: <a href=http://rhn.redhat.com/errata/RHSA-2008-0500.html target=_blank>http://rhn.redhat.com/errata/RHSA-2008-0500.html</a> <a href=http://rhn.redhat.com/errata/RHSA-2008-0577.html target=_blank>http://rhn.redhat.com/errata/RHSA-2008-0577.html</a>
idSSV:3534
last seen2017-11-19
modified2008-07-03
published2008-07-03
reporterRoot
titleRed Hat证书系统rhpki-common安全绕过漏洞