FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-1492

This CVE name corresponds to:

Entered: 2014-04-29
Topic: mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2014-1492
Phase: Assigned (20140116)

Description

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

References

Source Reference
BUGTRAQ 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
FULLDISC 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=903885
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1079851
CONFIRM https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes
CONFIRM https://hg.mozilla.org/projects/nss/rev/709d4e597979
CONFIRM http://www.mozilla.org/security/announce/2014/mfsa2014-45.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
DEBIAN DSA-2994
FEDORA FEDORA-2014-5829
SUSE SUSE-SU-2014:0665
SUSE openSUSE-SU-2014:0599
SUSE openSUSE-SU-2014:0629
SUSE SUSE-SU-2014:0727
UBUNTU USN-2159-1
UBUNTU USN-2185-1
SECUNIA 59866