Multiple products DigiNotar untrusted certificate (TLS_DigiNotar_Untrusted_Certificate)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, Virtual Server Protection for Vmware, Proventia Network IPS, Proventia Server IPS for Linux technology, IBM Security Host Protection for Servers (Unix), IBM Security Host Protection for Desktops, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Network IDS:

This signature detects an X.509 server certificate containing an issuer rdnSequence from 'DigiNotar' that has been blocked by popular browsers such as IE, Firefox, and Chrome.


Default risk level

High risk vulnerability  High

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2680, RealSecure Server Sensor: XPU 31.090, Virtual Server Protection for Vmware: XPU 31.090, Proventia Network IPS: XPU 31.090, Proventia Server IPS for Linux technology: 31.090, IBM Security Host Protection for Servers (Unix): 2.2.2, IBM Security Host Protection for Desktops: 2680, Proventia-G 1.1 and earlier: XPU 31.090, Proventia Network MFS: XPU 31.090, Proventia Network IDS: XPU 31.090

Systems affected

Any manufacturer Web browser

Type

Protocol Signature

Vulnerability description

Multiple products are vulnerable to spoofing, phishing, and man-in-the-middle attacks due to the issuing of fraudulent DigiNotar root certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, a remote attacker could exploit this vulnerability to compromise the integrity of browser sessions.

How to remove this vulnerability

No remedy available as of April 1, 2014.

References

Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
http://www.microsoft.com/technet/security/advisory/2607712.mspx

Microsoft Security Response Center
Microsoft updates Security Advisory 2607712
http://blogs.technet.com/b/msrc/archive/2011/09/06/microsoft-updates-security-advisory-2607712.aspx

Microsoft Security Response Center
Microsoft Releases Security Advisory 2607712
http://blogs.technet.com/b/msrc/archive/2011/08/29/microsoft-releases-security-advisory-2607712.aspx

Microsoft Security Response Center
More on Microsoft’s response to the DigiNotar compromise
http://blogs.technet.com/b/msrc/archive/2011/09/04/more-on-microsoft-s-response-to-the-diginotar-compromise.aspx

IBM Security Protection Alert
DigiNotar certificate spoofing
http://www.iss.net/threats/435.html

ISS X-Force
Multiple products DigiNotar untrusted certificate
http://www.iss.net/security_center/static/69648.php