Main Vulnerability Database SB2013083001

SB2013083001 - Slackware Linux update for php

Published: August 30, 2013

Security Bulletin ID SB2013083001

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2013-4248)

The vulnerability allows a remote attacker to conduct MITM-attack on the target system.

The weakness exists due to the openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '' character in a domain name in the Subject Alternative Name field of an X.509 certificate. A remote attacker can use man-in-the-middle technique and spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Remediation

Install update from vendor's website.

References

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.343027