Multiple products DigiNotar untrusted certificate (TLS_DigiNotar_Untrusted_Certificate)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, RealSecure Network, RealSecure Server Sensor, Proventia Network IPS, IBM Security Host Protection for Desktops, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware, IBM Security Host Protection for Servers (Unix):

This signature detects an X.509 server certificate containing an issuer rdnSequence from 'DigiNotar' that has been blocked by popular browsers such as IE, Firefox, and Chrome.


Default risk level

High risk vulnerability  High

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2680, Proventia Network IDS: XPU 31.090, Proventia-G 1.1 and earlier: XPU 31.090, Proventia Network MFS: XPU 31.090, RealSecure Network: XPU 31.090, RealSecure Server Sensor: XPU 31.090, Proventia Network IPS: XPU 31.090, IBM Security Host Protection for Desktops: 2680, Proventia Server IPS for Linux technology: 31.090, Virtual Server Protection for Vmware: XPU 31.090, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

Any manufacturer Web browser

Type

Protocol Signature

Vulnerability description

Multiple products are vulnerable to spoofing, phishing, and man-in-the-middle attacks due to the issuing of fraudulent DigiNotar root certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, a remote attacker could exploit this vulnerability to compromise the integrity of browser sessions.

How to remove this vulnerability

No remedy available as of May 1, 2013.

References

Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
http://www.microsoft.com/technet/security/advisory/2607712.mspx

Microsoft Security Response Center
Microsoft updates Security Advisory 2607712
http://blogs.technet.com/b/msrc/archive/2011/09/06/microsoft-updates-security-advisory-2607712.aspx

Microsoft Security Response Center
Microsoft Releases Security Advisory 2607712
http://blogs.technet.com/b/msrc/archive/2011/08/29/microsoft-releases-security-advisory-2607712.aspx

Microsoft Security Response Center
More on Microsoft’s response to the DigiNotar compromise
http://blogs.technet.com/b/msrc/archive/2011/09/04/more-on-microsoft-s-response-to-the-diginotar-compromise.aspx

IBM Security Protection Alert
DigiNotar certificate spoofing
http://www.iss.net/threats/435.html

ISS X-Force
Multiple products DigiNotar untrusted certificate
http://www.iss.net/security_center/static/69648.php