CVE-2010-3170

Related Files

VMware Security Advisory 2011-0013

Posted Oct 28, 2011

Authored by VMware | Site vmware.com

VMware Security Advisory 2011-0013 - Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues.

tags | advisory

advisories | CVE-2008-7270, CVE-2010-1321, CVE-2010-2054, CVE-2010-3170, CVE-2010-3173, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570

SHA-256 | bfa44b90a996832dc4d48ee3d88431651288c9f75d7f7f82d502411d95c5dce3

Download | Favorite | View

Debian Linux Security Advisory 2123-1

Posted Nov 2, 2010

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2123-1 - Several vulnerabilities have been discovered in Mozilla's Network Security Services (NSS) library.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2010-3170, CVE-2010-3173

SHA-256 | 1159efd66bdc07507b0193831b687d83442325603c2069e54b17584e72db4175

Download | Favorite | View

Mandriva Linux Security Advisory 2010-210

Posted Oct 22, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-210 - Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Various other issues have also been addressed.

tags | advisory, remote, arbitrary, spoof

systems | linux, mandriva

advisories | CVE-2010-3170, CVE-2010-3173, CVE-2010-3174, CVE-2010-3175, CVE-2010-3176, CVE-2010-3177, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183

SHA-256 | b49486071419be28e46150635739bbf1691dc4896d5fd2196ec5211581c260cf

Download | Favorite | View

Ubuntu Security Notice 1007-1

Posted Oct 20, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1007-1 - Richard Moore discovered that NSS would sometimes incorrectly match an SSL certificate which had a Common Name that used a wildcard followed by a partial IP address. While it is very unlikely that a Certificate Authority would issue such a certificate, if an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Nelson Bolyard discovered a weakness in the Diffie-Hellman Ephemeral mode (DHE) key exchange implementation which allowed servers to use a too small key length.

tags | advisory

systems | linux, ubuntu

advisories | CVE-2010-3170, CVE-2010-3173

SHA-256 | 648f9afee39487efe955eece570e465a21e61d1af8895a0f7f6a13aadb5d0b4d

Download | Favorite | View