CVE-2008-1676
First published: Mon May 05 2008(Updated: )
A flaw was found in a way Red Hat Certificate System handled Extensions in the certificate signing requests (CSR). All requested Extensions were added to issued certificate despite constraints defined in Certificate Authority (CA) profile. For example, CSR could contain Basic Constraints or Key Usage constraint that once copied to issued certificate would result in creation of subordinate CA certificate, even though CA configuration prohibits issuing of subordinate CA certificate, possibly leading to a bypass the intended security policy. Affected versions: Red Hat Certificate System 7.1, 7.2, 7.3 Netscape Certificate Management System 6.x
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IETF X.509 Certificate | =7.1 | |
| IETF X.509 Certificate | =7.2 | |
| IETF X.509 Certificate | =7.3 | |
| Netscape Certificate Server | <=6.2 | |
| Netscape Certificate Server | =6.0 | |
| Netscape Certificate Server | =6.01 | |
| Netscape Certificate Server | =6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=445227
- http://rhn.redhat.com/errata/RHSA-2008-0500.html
- http://rhn.redhat.com/errata/RHSA-2008-0577.html
- http://www.securityfocus.com/bid/30062
- http://secunia.com/advisories/30929
- http://www.securitytracker.com/id?1020427
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43573
- https://access.redhat.com/security/cve/CVE-2002-0970
- https://access.redhat.com/security/cve/CVE-2002-0862
Frequently Asked Questions
What is the severity of CVE-2008-1676?
CVE-2008-1676 is considered to have a medium severity level due to improper handling of certificate extensions.
How do I fix CVE-2008-1676?
To fix CVE-2008-1676, ensure that your version of the Red Hat Certificate System is updated to the latest patch version.
What systems are affected by CVE-2008-1676?
CVE-2008-1676 affects Red Hat Certificate System versions 7.1, 7.2, and 7.3, as well as various versions of the Netscape Certificate Management System.
What are the potential consequences of CVE-2008-1676?
The consequences of CVE-2008-1676 include improperly issued certificates that may not respect the defined constraints, potentially compromising security.
Can CVE-2008-1676 be exploited remotely?
CVE-2008-1676 does not specify a remote exploitation vector, but it could lead to the issuance of unauthorized certificates if exploited.
- collector/nvd-historical
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-1676
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/ietf x.509 certificate
- version/ietf x.509 certificate/7.1
- version/ietf x.509 certificate/7.2
- version/ietf x.509 certificate/7.3
- vendor/netscape
- canonical/netscape certificate server
- version/netscape certificate server/6.2
- version/netscape certificate server/6.0
- version/netscape certificate server/6.01
- version/netscape certificate server/6.1