From: Secunia Security Advisories (sec-adv secunia.com)
Date: Tue Aug 28 2007 - 10:17:09 CDT
TITLE:
Entrust ESP Certificate Path Validation Security Issue
SECUNIA ADVISORY ID:
SA26630
VERIFY ADVISORY:
http://secunia.com/advisories/26630/
CRITICAL:
Less critical
IMPACT:
Security Bypass, Spoofing
WHERE:
From remote
SOFTWARE:
Entrust Entelligence Security Provider 8.x
http://secunia.com/product/13733/
DESCRIPTION:
A security issue has been reported in Entrust Entelligence Security
Provider (ESP), which can lead to untrusted certificates misleadingly
being displayed as trustworthy.
The security issue is caused by an error in the handling of flags
and error states in Security Provider when the Path Building and
Validation modules are installed. As a result, untrusted
certificates can wrongly be displayed as trusted, and users may e.g.
connect to an untrusted SSL server or use an untrusted public
key.
The error can occur when:
• a certificate path is incomplete and does not chain to the root
certificate,
• an application requests a path validation and indicates that an
unknown revocation status should not cause the path validation to
fail, or
• the application indicates that certain errors in the certificate
path should be ignored.
The security issue is reported in Entrust Entelligence Security
Provider 8 running on the following platforms:
• Microsoft Windows 2000 Professional SP4
• Microsoft Windows XP SP1, SP1a, or SP2 (Professional/Home/Tablet
32-bit editions)
• Microsoft Windows Vista - All 32-bit editions
• Microsoft Windows 2000 Server SP4
• Microsoft Windows Server 2003 SP1/R2 - All 32-bit editions
SOLUTION:
Apply patch 132192 (available in the customer portal).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
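
The advisory does not publish the details of the defect. The following is an added illustration, not Entrust code, of the general class of error it describes: caller-supplied "ignore" flags interacting with the validator's error state. All names and bit values are hypothetical; the flawed function shows one assumed way such handling can go wrong, next to a fail-closed version.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical error bits a path validator might report (not Entrust's). */
#define ERR_INCOMPLETE_CHAIN   0x01u  /* path does not reach a trusted root */
#define ERR_REVOCATION_UNKNOWN 0x02u  /* CRL/OCSP status unavailable */
#define ERR_EXPIRED            0x04u  /* a certificate is outside validity */
#define ERR_BAD_SIGNATURE      0x08u  /* a signature in the path is invalid */

/* Errors a caller may ask to tolerate. Trust-anchor and signature
 * failures are deliberately not in this set. */
#define IGNORABLE (ERR_REVOCATION_UNKNOWN | ERR_EXPIRED)

/* Flawed pattern (assumed for illustration): any ignore request
 * collapses the whole error state, so unrelated errors are lost. */
int is_trusted_flawed(uint32_t errors, uint32_t ignore_mask)
{
    if (ignore_mask != 0)
        return 1;
    return errors == 0;
}

/* Fail-closed pattern: clear only the requested bits that are ignorable,
 * then require every remaining error bit to be zero. */
int is_trusted_strict(uint32_t errors, uint32_t ignore_mask)
{
    uint32_t remaining = errors & ~(ignore_mask & IGNORABLE);
    return remaining == 0;
}

int main(void)
{
    /* Constructed cases: validator errors and the caller's ignore mask. */
    struct { const char *name; uint32_t errors, ignore; } cases[] = {
        { "clean path, no flags", 0, 0 },
        { "revocation unknown, ignored", ERR_REVOCATION_UNKNOWN,
          ERR_REVOCATION_UNKNOWN },
        { "incomplete chain + revocation ignored",
          ERR_INCOMPLETE_CHAIN | ERR_REVOCATION_UNKNOWN,
          ERR_REVOCATION_UNKNOWN },
        { "caller asks to ignore incomplete chain", ERR_INCOMPLETE_CHAIN,
          ERR_INCOMPLETE_CHAIN },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-42s flawed=%d strict=%d\n", cases[i].name,
               is_trusted_flawed(cases[i].errors, cases[i].ignore),
               is_trusted_strict(cases[i].errors, cases[i].ignore));
    return 0;
}
```
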