KDE KSSL CA SSL Certificate Verification Vulnerability

Release date: 2009-09-01
Update date: 2009-10-27

Affected systems:
KDE kdelibs 4.3
KDE kdelibs 4.2.4
KDE kdelibs 3.5.4
Description:
BUGTRAQ ID: 36229
CVE(CAN) ID: CVE-2009-2702

KDE is a powerful open-source graphical desktop environment designed for UNIX workstations.

The KSSL implementation in the KDE libraries does not correctly handle null characters (\0) in domain names in the Subject Alternative Name field of X.509 certificates. When processing a certificate field that contains a null character, it incorrectly treats the null as a terminator and therefore only verifies the portion before it. For example, given a name such as:

    example.com\0.haxx.se

the certificate was issued to haxx.se, but KSSL incorrectly validates it for example.com, which helps an attacker carry out phishing and other spoofing through a man-in-the-middle attack.
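The truncation described above comes from handing a length-delimited ASN.1 string to C string functions. The following is an added example, not code from this advisory or from KDE: a naive matcher that treats the decoded dNSName as a C string, beside a length-aware matcher that rejects embedded NUL bytes. The sample name `example.com\0.haxx.se`, the function names and the 256-byte scratch buffer are assumptions for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the certificate name from the advisory, held the way
 * an ASN.1 decoder would return it, i.e. a byte buffer with an explicit
 * length.  An IA5String may legally carry a 0x00 byte; a real DNS name
 * never can. */
static const unsigned char SAN_BYTES[] = "example.com\0.haxx.se";
static const size_t SAN_LEN = sizeof(SAN_BYTES) - 1;   /* 20 bytes; the literal's trailing NUL is excluded */

/* Vulnerable pattern (illustrative, not KSSL's actual code): copy the decoded
 * name into a buffer and compare it as a NUL-terminated string.  The walk
 * stops at the embedded NUL, so only "example.com" is ever compared. */
int match_san_naive(const unsigned char *san, size_t san_len, const char *host)
{
    char buf[256];
    if (san_len >= sizeof(buf))
        return 0;
    memcpy(buf, san, san_len);
    buf[san_len] = '\0';
    size_t i = 0;
    for (; buf[i] != '\0' && host[i] != '\0'; i++) {
        if (tolower((unsigned char)buf[i]) != tolower((unsigned char)host[i]))
            return 0;
    }
    return buf[i] == '\0' && host[i] == '\0';
}

/* Hardened version: trust the length the ASN.1 encoding supplies, reject any
 * name that contains a NUL byte outright, and compare the whole buffer.
 * Wildcard names are deliberately out of scope here. */
int match_san_safe(const unsigned char *san, size_t san_len, const char *host)
{
    if (memchr(san, '\0', san_len) != NULL)
        return 0;                           /* embedded NUL: malformed name, never matches */
    if (san_len != strlen(host))
        return 0;                           /* lengths differ: cannot match */
    for (size_t i = 0; i < san_len; i++) {
        if (tolower(san[i]) != tolower((unsigned char)host[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    const char *host = "example.com";
    printf("naive matcher accepts %s: %d\n", host, match_san_naive(SAN_BYTES, SAN_LEN, host));
    printf("safe  matcher accepts %s: %d\n", host, match_san_safe(SAN_BYTES, SAN_LEN, host));
    return 0;
}
```

Compile with `cc -std=c99 -Wall san_match.c`; the naive matcher reports 1 for example.com while the hardened one reports 0. The key design choice is that the length from the ASN.1 encoding is the only length that counts: a NUL inside that span is treated as a malformed name rather than as the end of the string.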

<*Source: Dan Kaminsky
  
  Links: http://secunia.com/advisories/36468
        https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=520661
        http://www.debian.org/security/2009/dsa-1916
*>

Recommendation:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1916-1) together with corresponding patches:
DSA-1916-1: New kdelibs packages fix SSL certificate verification weakness
Link: http://www.debian.org/security/2009/dsa-1916

Patch download:

Source archives:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1.orig.tar.gz
Size/MD5 checksum: 18684663 a3f13367dcadef4749ba0173c8bc5f8e
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch3.diff.gz
Size/MD5 checksum:   601207 616c29ec7f685e9b10c802eb6879d912
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch3.dsc
Size/MD5 checksum:     1636 430e1a184def8c61269ebd4236ecf902

Architecture independent packages:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.5a.dfsg.1-8etch3_all.deb
Size/MD5 checksum:  8607892 a1326c3e10f4a1696b9d73115b417061
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch3_all.deb
Size/MD5 checksum:    34648 f4697ef70a2bc020b1c633c92981e81f
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.5a.dfsg.1-8etch3_all.deb
Size/MD5 checksum: 40162414 83be81e20b84b786c47a3351a3600c77

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_alpha.deb
Size/MD5 checksum: 11344344 fcf8158679c6b02b265065fba7249b83
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_alpha.deb
Size/MD5 checksum: 47410300 140679244bea5593cd7204757acffaa8
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_alpha.deb
Size/MD5 checksum:  1386002 759f49b6e4f61577f327f491eebbef2b

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_amd64.deb
Size/MD5 checksum: 27020178 9b823ef23ec5a6258bbffff9964dfd73
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_amd64.deb
Size/MD5 checksum:  1341570 4c1379c6a5a941996bcbb2e28e0337d2
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_amd64.deb
Size/MD5 checksum: 10400122 b69bbf19d34a6baf697f1ea837ffc861

arm architecture (ARM)

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_arm.deb
Size/MD5 checksum:  9303052 0927e59f8992bb7038484aecd13fdae2
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_arm.deb
Size/MD5 checksum: 46416584 0f497318d46b1964aa4fb6ebb33fdd30
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_arm.deb
Size/MD5 checksum:  1382294 ce520266aaa74f10d4bd1e0a3920f3b4

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_hppa.deb
Size/MD5 checksum: 11295914 37e40fc7af826345ca0da0e57b65fd37
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_hppa.deb
Size/MD5 checksum: 27634860 269c908fd77f4794fddd37bd5dae6765
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_hppa.deb
Size/MD5 checksum:  1385164 5debdc6befe7cddca8ec94ee20afdaf8

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_i386.deb
Size/MD5 checksum:  1380274 7ecda9b7973b7122035828d49c26864a
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_i386.deb
Size/MD5 checksum:  9738260 3bd6b5136465fbc6eb18f1112cbd3b58
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_i386.deb
Size/MD5 checksum: 26272380 63b27cabf41954b3b7d1f3a247d16573

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_ia64.deb
Size/MD5 checksum: 26570518 c5761ba11990a0a635513faba4eca8ec
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_ia64.deb
Size/MD5 checksum:  1358304 4540bea6e86f38d747ed9584f728b210
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_ia64.deb
Size/MD5 checksum: 13676456 4a0e1c0d5c7e6a3fa1187b7df0e4633d

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_mips.deb
Size/MD5 checksum: 27983074 f96d1e535d3cd480f0c9269091443347
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_mips.deb
Size/MD5 checksum:  9206788 8e7a6339d7ed2847d4504aa12d47c02e
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_mips.deb
Size/MD5 checksum:  1338840 b6099b99fec97a212ac2f769747b6316

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_mipsel.deb
Size/MD5 checksum: 27003108 66a2854c25cf83177ebc5373426a8f2e
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_mipsel.deb
Size/MD5 checksum:  1338974 90b38ab9915ceb01e90428378f56b521
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_mipsel.deb
Size/MD5 checksum:  9073056 201c010779166589d7073536cfeeeec6

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_powerpc.deb
Size/MD5 checksum: 27972600 a1124b1bea78cbfa8c8ad430cf4fc36e
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_powerpc.deb
Size/MD5 checksum:  1343264 b25ad9b4f60d3befc1f024f064c64591
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_powerpc.deb
Size/MD5 checksum:  9766990 fdec4087cbc21c4fdcce15edb92cc70b

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_s390.deb
Size/MD5 checksum: 10493986 9e864384992c6c5ecc04f365eedf23b4
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_s390.deb
Size/MD5 checksum: 27406104 49e53487b352067bbd9628855bf9df6f
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_s390.deb
Size/MD5 checksum:  1338286 7ce98a55d9ea45e9114eeb36a538b3a7

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_sparc.deb
Size/MD5 checksum:  9492094 cae78b4a0d4c3b4dd9b85b374f160a8b
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_sparc.deb
Size/MD5 checksum:  1380428 b256b5788df911cc21da1c63756b38e2
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_sparc.deb
Size/MD5 checksum: 25336234 b02e32e06c3eff9f7b69343f76e10b1f

Patch installation:

1. Install the patch packages manually:

  First, download the patch with the following command:
  # wget url  (url is the patch download link)

  Then install it with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch packages automatically with apt-get:

   First, update the local package database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade

This vulnerability report was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.