*** This bug is a security vulnerability ***

Public security bug reported:
freerdp in 1.0 added a lot of SSL/X509 certification verification, which is excellent. However, x509_verify_cert() in libfreerdp-core/crypto.c does not validate that the server's hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field, which makes it easier to perform man in the middle attacks. tls_verify_certificate() in libfreerdp-core/tls.c also suffers from the same deficiency when it falls back to verifying a certificate that was added to freerdp's certificate store.

As freerdp is new and I don't think anyone has released with it yet, I am not going to issue a CVE at this time. This fix should also be coordinated with Debian unstable since they also have 1.0.

People interested in fixing this might want to consult http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4318.html for reference.

** Affects: freerdp (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** Description changed:

-   field, which makes it easier to perform main in the middle attacks.
+   field, which makes it easier to perform man in the middle attacks.
--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/925657

Title:
  freerdp does not check the server's hostname when verifying ssl certificates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freerdp/+bug/925657/+subscriptions

--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
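The check the report says x509_verify_cert() and tls_verify_certificate() are missing, written out as an added example that is not FreeRDP's code: the server hostname is matched against the certificate's Subject Alternative Name dNSName entries, with the subject CN consulted only when no dNSName SAN is present. It assumes the names have already been extracted from the certificate as plain strings (in a real client they would come from the X509 structure via the TLS library).

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* DNS names are case-insensitive, so compare labels without regard to case. */
static int dns_eq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* Match one certificate name (a SAN dNSName or the CN) against the hostname.
 * A wildcard is honoured only as the whole leftmost label ("*.example.com"),
 * it never spans a dot (so "*.example.com" does not match "a.b.example.com"),
 * and at least two labels must follow it, so "*.com" is rejected. */
int cert_name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return dns_eq(pattern, host);          /* plain name: exact match only */
    const char *suffix = pattern + 1;          /* ".example.com" */
    if (strchr(suffix + 1, '.') == NULL)       /* too few labels right of '*' */
        return 0;
    const char *dot = strchr(host, '.');       /* first label of host is eaten by '*' */
    if (dot == NULL || dot == host)
        return 0;
    return dns_eq(suffix, dot);
}

/* The hostname check the report describes as missing. Per RFC 6125 section
 * 6.4.4 the CN is only a fallback when the certificate carries no dNSName SAN
 * at all; if SANs exist and none match, the CN must not rescue the connection.
 * sans/nsans: constructed list of dNSName entries; cn: subject CN or NULL.
 * Returns 1 when the hostname matches, 0 otherwise. */
int verify_hostname(const char *host, const char **sans, size_t nsans, const char *cn)
{
    if (host == NULL || *host == '\0')
        return 0;
    if (nsans > 0) {
        for (size_t i = 0; i < nsans; i++)
            if (cert_name_matches(sans[i], host))
                return 1;
        return 0;                              /* SANs present, none match: CN ignored */
    }
    return cn != NULL && cert_name_matches(cn, host);
}
```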
